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Eight  products  that  cut  storage  costs 
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9/11  ANNIVERSARY: 

Hurdles  loom  for 
new  emergency 
response  systems 

BY  CAROLYN  DUFFY  MARSAN 

AT  THE  10-year  mark  of  the 
nation’s  most  devastating  ter¬ 
rorist  attack  —  and  one  of  its  big¬ 
gest  disasters  of  any  kind  —  the 
United  States  is  finally  getting 
serious  about  overhauling  its 
emergency  response  systems, 
particularly  its  workhorse  9-1-1 
call  centers. 

The  FCC  is  pushing  Next-Generation  9-1-1  (NG  9-1-1)  sys¬ 
tems,  which  use  Internet  standards  such  as  IP  to  replace 
analog,  voice-centric  technology  developed  more  than  40 
years  ago. 

NG  9-1-1  systems  are  more  reliable  because  they  have 
automatic  failover  between  call  centers.  They  can  accept 
texts,  photos  and  videos,  providing  additional  multime¬ 
dia  information  to  help  first  responders.  And  they  provide 
improved  access  for  hearing  and  speech-impaired  citizens. 
For  enterprise  customers,  NG  9-1-1  is  better  at  pinpointing 
the  precise  location  of  emergency  calls  originating  on  cam¬ 
pus  networks. 

NG  9-1-1  deployment  faces  several  challenges,  including 
how  to  raise  the  hundreds  of  millions  of  dollars  necessary 
to  upgrade  the  existing  patchwork  of  city,  county  and  state- 
run  9-1-1  systems. 

The  biggest  obstacles  for  NG  9-1-1  deployment  are  “funding 

►  See  9/11 ,  page  30 


10  YEARS  AFTER 


9/11  continues  to 
influenced  strategy 


10  YEARS  AFTER 
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FOCUS  ON 
THE  FUTURE 


Everything  from 
that  day  forward 
has  prepared  us  to  handle 
a  crisis  situation  as  part 
of  normal  operating 
procedures.  A  decade 
ago  it  wasn’t  that  way.” 

JOHN  TURNER,  DIRECTOR  OF  NETWORKS 
ANDSYSTEMS,  BRANDEIS UNIVERSITY 
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YOUNEEDJT. 
WE  GET  IT.  ■ 


Elite  Partner 

Networking 


HP  Switch  2610  Series 

CDW 1375876 

■  10/100  managed  switch  available  with 
PoE  in  24-  or  48-port  designs 

■  Robust  management  features  including 
ACLs,  VLANs  and  QoS 

■  Deploy  VoIP  or  Unified  Communications 

■  Includes  a  lifetime  warranty 

52214" 


■BBBBga  Cisco®  Catalyst®  2960-48TC-S 

CDW  1322334 

■  Scalable  and  secure  network  management 

•  Baseline  Network  Admission  Control  based 
on  users,  ports  and  MAC  addresses 

•  Easy  network  configuration,  Cisco  IOS® 
software  updates  and  troubleshooting 
using  the  embedded  device  manager 

$847" 


Switches.  They  keep  organizations 
moving  forward  by  keeping  networks 
from  lagging  behind.  We  get  it  and 
have  partnerships  with  the  industry’s 
leading  vendors  to  get  things  moving 
in  no  time.  Managed  or  unmanaged. 
Mounted  or  unmounted.  Our  account 
managers  and  solution  architects  can 
find  the  right  one  for  your  network. 

All  you  have  to  do  is  call  or  click. 

800.399.4CDW  |  CDW.com/switches 


jumper 

NETWORKS 


Juniper  Networks®  EX2200-48T 
48-port  Ethernet  Switch 

CDW  1971214 

•  Carrier-class  reliability 

■  Security  risk  management 

•  Network  virtualization 

•  Application  control 

■  Lower  total  cost  of  ownership 

$2146" 


PEOPLE 
WHO 
GET  IT 


Offers  subject  to  COW'S  standard  terms  and  conditions  of  sale,  available  at  CDW.com.  W2011  CDW  LLC.  CDW ' ,  CDW  G  and  PEOPLE  WHO  GET  IT ,M  are  trademarksof  CDW,  LLC. 
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Blogs  and  Online 


Our  wireless  cake 


Sprint  last  week  filed  suit  against  AT&T  in  an 

attempt  to  block  that  company’s  $39  billion  acquisi¬ 
tion  of  T-Mobile  USA,  a  cause  that  looks  good  on 
paper  but  is  at  odds  with  consumer  demand  for 
improved  mobile  experiences. 

In  its  suit  Sprint  said  the  AT&T 
acquisition  would  hurt  consumer  and 
ners  by  leading  to  higher  prices  and 
curtailing  innovation,  echoing  charges  levied  in  the  anti¬ 
trust  lawsuit  filed  last  month  by  the  Justice  Depa  rtment. 

The  deal  would,  after  all,  combine  AT&T’s  32%  share 
of  U.S.  wireless  subscribers  with  T- Mobile’s  11%  share, 
creating  a  powerhouse  with  43%  share.  Add  that  to  Veri¬ 
zon’s  33%  share  (according  to  Chetan  Sharma  Consult¬ 
ing)  and  you  have  one  mega  duopoly. 

Sprint  puts  it  this  way:  The  deal  would  give  AT&T  and 
Verizon  control  of  “more  than  three-quarters  of  that  market  and  90%  of  the  profits.” 
Doesn’t  sound  too  healthy. 

But  when  it  comes  to  mobile  services,  we  want  to  have  our  cake  and  eat  it  too. 

We  want  universal  coverage,  more  consistent  connections,  better  data  rates  and 
competitive  pricing.  AT&T  says  the  acquisition  of  T-Mobile  will  help  it  deliver  on 
at  least  the  first  three  demands.  The  T-Mobile  assets  would  give  it  needed  capacity, 
coverage  and  spectrum. 

That  can  only  be  a  good  thing  for  corporate  buyers.  T-Mobile,  after  all,  hasn’t 
exactly  been  lighting  the  wireless  world  on  fire  in  terms  of  investment  and  innova¬ 
tion,  so  in  the  right  hands,  these  assets  would  become  more  significant. 

AT&T  customers  would  benefit,  and  even  Verizon  Wireless  customers  would 
welcome  having  a  stronger  alternative  to  turn  to. 

The  danger,  of  course,  is  so  few  players  amassing  this  much  market  control 
could  reduce  the  need  for  price  competition.  But  having  three  national  players  vs. 
four,  when  the  fourth  was  pretty  far  back  in  the  pack  anyway,  won’t  have  much 
effect  on  enterprise  deal  making. 

The  DOJ  and  FCC,  however,  will  use  that  fear  as  a  club  to  eke  out  concessions 
before  they  let  the  deal  go  through.  For  example,  pundits  expect  AT&T  will  have 
to  divest  assets  in  local  markets  where  the  acquisition  will  drastically  reshape  the 
competitive  landscape. 

While  it  is  impossible  to  say  what  the  courts  will  decide,  recent  history  would 
suggest  an  unwillingness  to  intervene  (witness  the  failed  effort  to  block  the  Oracle- 
PeopleSoft  deal). 

And  look  at  what  the  last  great  telecom  antitrust  case  wrought.  The  eight  com¬ 
panies  that  were  created  in  the  1984  divestiture  of  AT&T  have  largely  regrouped 
to  create  AT&T  and  Verizon.  These  markets,  it  seems,  have  a  habit  of  finding  their 
own  levels,  regardless  of  what  the  government  thinks. 
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Age  bias  in  IT 

©  USUALLY,  THE  BIAS  against  age  seems 
to  be  more  a  bias  against  experience.  Excel¬ 
lent  people  with  great  skills  get  passed 
over  for  kids  with  near-zero  practical 
experience  because  it’s  cheaper  for  the 
company  (Re:  ‘Age  bias  in  IT:  the  reality 
behind  the  rumors”;  tinyurl.com/3t2ysrh). 

I’m  becoming  convinced  that  what’s 
wrong  with  society  cannot  be  fixed  while 
we  still  cling  to  this  horrible  joke  of  a  sys¬ 
tem  that’s  based  on  money.  We  need  to  let 
real-life  values  and  the  scientific  method 
determine  how  we  do  things  —  not  this 
hallucination  called  money  that  is  doing 
untold  damage  everywhere,  including  IT. 

The  fear  and  worry  that  aging  work¬ 
ers  have  to  feel  just  wondering  if  they’ll 
be  able  to  keep  their  job  has  to  do  vast 
damage  to  their  well-being  over  time, 
and  that’s  just  one  minor  segment  of  the 
population  feeling  similar  fear  and  uncer¬ 
tainty.  Isn’t  it  about  time  for  us  to  become 
a  civilized  species?  We’ve  been  trying  for 
quite  a  few  centuries  now. 

crOft 

Giving  back  to  open  source 

©  OF  ALL  THE  bits  in  the  desktop  Linux 
stack,  the  kernel  is  probably  the  most 
robust,  complete  and  supported  piece. 

It  has  no  shortage 
of  contributors  (Re: 

‘Linux  Foundation 
chief:  ‘You  are  an  idiot’ 
if  you  don’t  give  back  to 
open  source”;  tinyurl. 
com/3dx7y!6). 

The  rest  of  the  stack 
needs  love,  folks.  I  for 
one  don’t  care  if  Canon¬ 
ical  never  contributes 
a  single  line  of  kernel 
code  if  it  means  it  can 
focus  on  improving  the 
desktop  and  apps. 

Zemlin  should  keep  in  mind  that  the 
kernel  is  worth  nada  if  there  isn’t  good 
software  to  stack  on  top  of  it.  Let  people 
do  their  own  part  and  quit  whining. 

Alan 

©  WHAT  A  MYOPIC  viewpoint  this  is!  One 
of  the  biggest  contributions  that  Ubuntu 
did  was  to  popularize  using  Linux.  I’ve 
corresponded  with  a  lot  of  people  like  me 
that  have  been  putting  Ubuntu  on  every 
old  machine  they  could  get  their  hands  on 


for  the  last  four  years.  Sure,  it  brings  a  lot 
of  noobs  into  our  ecosystem,  but  I  think 
it’s  a  good  thing  to  get  feedback  from  real- 
world  end  users. 

Red  Hat?  It  should  be  recognized  for  its 
technology  contributions,  but  it  doesn’t 
provide  much  for  an  end  user;  it’s  more 
interested  in  support  contracts  with  the 
world’s  top  companies.  I’m  sure  not  going 
to  install  Fedora  on  Aunt  Peggy’s  laptop. 

But  now  that  Canonical  has  gone 
against  common  sense  in  the  GUI  (as  well 
as  KDE  and  GNOME)  we  implementors 
are  starting  to  look  hard  at  alternatives. 
Good  thing  Debian’s  still  kicking,  and  its 
Squeeze  with  XFCE  offers  what  many 
people  need  for  general  use. 

I  thought  this  article  might  say  some¬ 
thing  about  Zemlin’s  own  contributions, 
but  he’s  a  new  name  for  me.  Why  was 
he  chosen  to  be  executive  director  for 
the  Foundation?  Why  does  his  opinion 
matter? 

Anonymous 

©  I F  W  E  A  R  E  truly  talking  about  open 
source  and  free  use,  there  should  be  no 
expectation  that  users  should  “give  back” 
—  as  long  as  they  follow  the  licensing 
attached  to  said  sources  by  their  authors. 

Any  other  constraint  makes  them 
‘non-free.” 

Anonymous 

HP's  trusty 
calculator 

©  RPN  IS  WONDERFUL. 

It  works  the  way  you 
think.  I’ve  never  felt 
lost,  even  solving  a  long 
or  complex  equation, 
on  an  RPN  calculator 
(Re:  HP’s  trusty  12c 
financial  calculator 
turns  30”;  tinyurl. 
com/43yqx9w). 

HP  discontinued  the  12C  briefly  when 
it  discontinued  all  of  the  “Pioneer”  series 
(IOC,  11C,  12C,  15C,  16C).  Due  to  mar¬ 
ket  demand  the  12C  was  put  back  into 
production.  I  wish  HP  would  do  it  for 
the  15  and  16.  Those  trade  secondhand  at 
multiples  of  their  original  price. 

The  12C  is  such  a  broadly  recognized 
standard  that  it’s  been  cloned.  If  you  love 
it  for  function  and  not  the  prestige  of  its 
marque  then  investigate  a  Victor  12. 

Edward  Landefeld 


The  kernel  is 
worth  nada  if 

there  isn’t  good 
software  to 
stack  on  top  of  it. 
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Safe  is  advantage. 

Safe  is  profit. 

Safe  is  outright  liberating. 


But  safe  doesn't  come  easy. 

Especially  when  the  dark  forces  are  plotting 


It  requires  that  delicate  combination  of  brains  and  obsession,  ■■ 

A  brutally  effective,  global  team  that  can  snuff  out  danger 
before  it  gets  dangerous. 

That's  McAfee,  the  world's  largest  dedicated  security  company. 

We  live  and  breathe  digital  security.  Our  job  is  to  stay  one  step  ahead. 

We  know  that  today  real  security  isn't  about  "where,"  it's  about  everywhere. 
Every  device,  every  connection,  every  location,  every  second. 


It's  because  we  never  sleep,  that  you  can  sleep  better. 


5  McAfee 


www.mc.afee.  Co  m/safe 
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Mixed  bag  on  IT  head  count 

WHILE  THE  MAJORITY  of  CIOs  plan  to  maintain  current  IT 
head  count,  12%  are  eyeing  expansions  and  6%  are  expecting 
cutbacks  in  the  fourth  quarter  of  2011,  according  to  Robert  Half 
Technology.  Good  luck  to  those  looking  to  expand.  Two-thirds 
(66%)  of  CIOs  surveyed  by  the  staffing  firm  said  it’s  challeng¬ 
ing  to  find  skilled  professionals  today,  compared  to  48%  who 
thought  so  in  the  previous  quarter.  The  most  challenging  areas 
to  find  talent  are  in  security  (cited  by  18%  of  CIOs),  network¬ 
ing  (17%),  data/database  management  (11%)  and  help  desk/ 
technical  support  (11%).  From  an  industry  perspective,  trans¬ 
portation  is  the  hottest  sector  for  IT  hiring.  Among  CIOs  in  the 
transportation  sector,  18%  plan  to  expand  their  IT  departments. 
tinyurl.com/3btwj49 
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Free  beta:  HP's 
cioud  services 

HP  JUST  launched  a  beta  infra- 
structure-as-a-service  offering, 
called  HP  Cloud  Services,  to 
provide  compute  and  storage 
resources  from  its  own  data 


centers.  HP  will  use  the  Open- 
Stack  set  of  open-source  cloud 
software  tools  to  provide  the 
foundation  for  its  initial  services, 
HP  Cloud  Compute  and  HP 
Cloud  Object  Storage.  During  the 
beta  period,  users  will  get  mock 
invoices  but  HP  won’t  charge  for 
either  service.  When  the  offering 


goes  into  full  production  mode, 
customers  will  be  charged  on 
a  pay-as-you-go  basis,  tinyurl. 
com/3u6emhf 

IBM  luring  SMBs 
with  expanded 
finance  options 

IBM  HAS  pledged $1  billion 
in  financing  to  help  small  and 
midsize  businesses  procure 
certain  IBM  systems  and  ser¬ 
vices,  including  offers  for  cloud 
services,  big  data  and  analytic 
systems.  IBM  Global  Financing 
will  handle  the  loan  process¬ 
ing  and  paperwork,  and  the 
company  says  applicants  can  get 
approvals  within  60  seconds. 
Typically,  IBM  Global  Financ¬ 
ing  customers  will  repay  the 
loans  over  36  months,  in  either 
monthly  or  quarterly  incre¬ 
ments.  Loans  can  start  with 
interest  rates  as  low  as  0.0% 
for  12  months,  with  no  money 
down,  tinyurl.com/3n3ohcp 


Linking  iPhones 
to  satellites 


SATELLITE  SERVICE  provider 
Iridium  is  introducing  a  rug- 
gedized  satellite  phone  called 
Extreme  and  an  access  point 
that  enables  communica¬ 
tions  anywhere  on  the  face  of 
the  Earth  from  BlackBerry 
and  Android  mobile  devices. 
Support  for  Apple’s  iOS-based 
gear  is  due  later  this  year.  The 
two  new  devices  enable  use  of 
data  applications  on  mobile 
smartphones  and  tablets  that 


ST  VIDEO 

Unboxing  the 
4TB  Seagate 
GoFlex  Desk 

Network  World's  Keith 
Shaw  opens  the  new  4TB 
GoFlex  Desk  external 
hard  drive  from  Seagate 
and  tries  to  explain  how 
much  storage  space  4TB 
represents  through  the 
power  of  small  chocolate 
candies. 

tinyurl.com/3sc5czt 


have  Wi-Fi  capabilities,  and 
the  access  point  bridges  the 
connection  over  the  Iridium 
satellite  network.  The  speed 
of  the  data-only  connections 
is  26Kbps  to  27Kbps,  suitable 
for  email  and  Internet  access. 
Some  of  Iridium’s  partners  also 
are  creating  services  around 
the  phone’s  capabilities,  such 
as  a  tracking  service  for  mining 
operations  and  a  geo-fencing 
service  that  lets  users  know 
when  they  are  reaching  a 
boundary  or  border  so  they 
don’t  wander  into  restricted 
areas,  tinyurl.com/3vjqnhk 

Google  puts 
Desktop  app 
out  to  pasture 

GOOGLE  IS  retiring  Desktop, 
an  application  it  launched  in 
2004  to  let  people  search  for 
files  and  data  stored  on  their 
PCs.  Google  attributed  the  move 
to  the  growing  popularity  of 
cloud  computing  and  users’ 
increasing  comfort  with  the 
concept  of  storing  data  and 
files  online,  but  frankly  the 
product  just  wasn’t  that  useful. 
Desktop  is  one  in  a  string  of 
products  that  have  been  nixed 
since  co-founder  Larry  Page 
took  over  as  CEO  in  April  and 
promised  the  company  would 
put  “more  wood  behind  fewer 
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TOUGH  QUESTION  #18 


NETWORK  SECURE  WEB  AND  E-MAIL  BACKUP  AND  POLICY  AND 

SECURITY  REMOTE  ACCESS  SECURITY  RECOVERY  MANAGEMENT 


WHO  MAKES  THE  HIGHEST  PERFORMANCE 
LOW  LATENCY  NEXT-GEN  FIREWALL? 


APPLICATION 

CONTROL 


DPI-55L 

INSPECTION 


BANDWIDTH 

MANAGEMENT 


INTRUSION 

PREVENTION 


WAN 

ACCELERATION 


SONICWALL 

ENTERPRISE. 


SonicWALL®  enables  IT  to  get  back  in  control  and  more  easily  and  efficiently  stay  ahead 
of  today’s  constantly  evolving  threats  and  application-related  issues.  An  advanced 
security  platform  consolidates  core  Next-Gen  Firewall  application  intelligence,  control 
and  visualization,  gateway  protection,  and  inspection  for  SSL  encrypted  sessions 
for  enterprises  along  with  WAN  acceleration  for  distributed  offices.  SonicWALL’s  low 
latency  platform  scans  and  secures  every  packet  of  every  protocol,  efficiently  securing 
the  network,  controlling  Web  2.0  apps,  and  optimizing  bandwidth. 

Secure  network  optimization  that  minimizes  complexity  and  latency  is  now  within 
reach.  Learn  about  our  SuperMassive'!1  ET0000  Series  and  the  rest  of  our  network 
security  line-up  at 

: ’•  A  • 


SONICWALL 
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Researchers  tout  full-duplex 
wireless  breakthrough 


RICE  UNIVERSITY 

researchers  have 
demonstrated  full- 
duplex  wireless  tech¬ 
nology  that  would 
allow  a  doubling  of 
network  traffic  —  a 
breakthrough 

JEFF  FITLOW/RICE  UNIVERSITY 

that  could 

make  using  video  on  smartphones  main¬ 
stream.  What's  more,  the  NSF-funded  research 
shows  that  an  upgrade  could  be  made  with  min¬ 
imal  hardware  upgrades,  including  at  cell  towers. 

The  Rice  researchers  exploit  multiple-input  multiple- 
output  (Ml MO)  antenna  technology  among  others  to 
accomplish  the  full-duplex  feat  that  they  say  could 
become  reality  in  a  few  years  as  carriers  upgrade  their 
networks  to  4.5G  or  5G  wireless. 


Cybercrime  gives  drug 
trafficking  run  for  money 


THE  2011  Norton  Cybercrime  Report  estimates  the 
total  cost  of  cybercrime  at  $388  billion  per  year, 
which  includes  $114  billion  in  direct  theft  and  time 
spent  resolving  attacks  pius  another  $274  billion  for 
productive  time  victims  lost  due  to  cybercrimes  being 
committed  against  them.  In  all,  589  million  have  been 
affected  by  cybercrime,  431  million  of  them  in  the 
past  12  months,  according  to  the  study,  which 
was  carried  out  in  24  countries  and  included 

19,636  interviews. 

The  report  says  the 
cybercrime  numbers 
rival  those  of  global 
drug  trafficking,  esti¬ 
mated  at  $411  billion. 
Cybercrime  already 
surpasses  the  total  of 
black  market  mari¬ 
juana  and  cocaine 
sales,  Norton  says, 
which  totals  $288 
billion. 


Twitter  trouble 


A  SAN  Antonio  man  has  been  charged  by  a  grand  jury 
in  San  Francisco  with  harassing  Google  VP  Marissa 
Mayer  via  more  than  20,000  Twitter  posts,  including 
many  threatening  and  nasty  ones.  The  defendant 
could  face  up  to  seven  years  in  prison  if  con¬ 
victed,  according  to  an  Associated  Press  report. 
Mayer  was  Google’s  first  female  engineer. 


arrows.”  Among  the  products 
discontinued  are  Google  Health 
and  Google  PowerMeter.  The 
company  is  also  going  to  close 
its  Google  Labs  website,  tinyurl. 
com/3mnuekr 


Tablets  take 
a  bite  out  of 
PC forecast 

YOUNGER  AUDIENCES  are 

shunning  PCs  for  tablets,  and 
PC-reliant  businesses  are 
delaying  upgrades  —  which 
translates  into  a  sharp  drop  in 
Gartner’s  PC  shipment  growth 
forecast  for  this  year  and  next. 
Worldwide  PC  shipments  will 
amount  to  roughly  364  million 
units,  a  3.8%  increase  compared 
to  last  year,  Gartner  said.  The 
firm’s  previous  forecast  of 
9.3%  was  made  in  June  before 
economic  struggles  heightened 
in  mature  markets  such  as  U.S. 
and  Europe.  Looking  ahead,  PC 
shipments  will  grow  by  10.9% 
in  2012  compared  to  this  year, 
lower  than  the  12.8%  previously 
projected  by  Gartner,  tinyurl. 
com/3d2rjlm 


Free  security 
tool  detects 
banking  malware 


FINNISH  PENETRATION  test 


ing  company  Fitsec  released  a 
free  tool  it  says  can  detect  five 
major  families  of  malicious 
software  that  steal  online  bank¬ 
ing  credentials.  The  tool,  called 
Debank,  works  by  scanning  a 
computer’s  process  memory  for 
any  variants  of  Spy  Eye,  Zeus, 
CarBerp,  Gozi  and  Patcher.  The 
malware  has  to  be  running  for 
Debank  to  detect  it,  and  the 
tool  only  works  on  computers 
running  Windows.  Fitsec  has 
used  the  tool  to  scan  its 


customers’  machines 
and  decided  to 
make  it  avail¬ 
able  for  free 
download. 

“We  had 


PARITY  BITS 


Percentage 


dents  to  a 


AlgoSec  that 
cited  human 
error  in  the 


tion  of  net¬ 
work  devices 
as  the  most 
common 
cause  of 
outages  in 
the  past  12 


no  reason  to  start  charging  for 
it,”  says  company  founder  Toni 
Koivunen.  “Basically,  we  hate 
malwar  e."  tinyurl.com/3bxhj6j 


Google  hungry 
for  trustworthy 
reviews 

GOOGLE  HAS  acquired  restau¬ 
rant  ratings  publisher  Zagat  to 
boost  its  online  maps  and  local 
business  listings  with  trustwor¬ 
thy  reviews  and  recommenda¬ 
tions.  Google  says  it  bought 
Zagat,  which  was  founded 
in  1979,  because  of  its  brand, 
reputation  and  the  quality  of  its 
surveys  and  reviews,  which  it 
publishes  in  print  guides  and 
online.  Terms  of  the  deal  were 
not  disclosed.  Best  known  for  its 
restaurant  ratings,  Zagat  also 
surveys  consumers  about  the 
quality  of  hotels,  nightclubs  and 
other  leisure-focused  busi¬ 
nesses.  tinyurl.com/3fvx2bd 
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DB2  on 

POWER: 

3x  faster. 

Check. 

As  low  as 

1/3  the  price 

Mate. 


Which  database  has  the  right  moves?  DB2®  on  Power  Systems™  performs 
three  times  faster  per  core  than  Oracle  Database  on  SPARC— based  on 
both  TPC-C  and  SAP®  SD  benchmarks*  Yet  the  price  of  DB2  is  as  low  as 
1/3  the  price  of  Oracle  Database?  Maybe  that’s  why  in  2010  over  1,000 
Oracle  Database  clients  chose  DB2  instead.  Game  over. 

ibm.com/facts 


•PERFORMANCE:  www.tpc.wg  as  of  3/28/11  [IBM  Power  780  (3  x  64  C)(24  Ch/192  C/768  Th);  10.366.254  tpmC;  $1.38/tpmC;  avail.  10/1?/|0  v.  Oracle  SPARC  SpperCluster  w/T3-4  Servers  (27  x  64  C)(108  Ch/1728  C/13824  Th); 
30,249,688  tpmC;  $1.01/tpmC;  avail.  6/1/11],  TPC-C  is  a  trademark  of  Transaction  Performance  Processing  Council.  2-tier  SAP  SD  Standard  application  benchmark  results,  as  of  3/28/11  [IBM  Power  795  (32  P/256  C/1024  Th); 
126.063  users.  SAP  ERP  6.0  EhP4/AIX  7.1  +  DB2  9.7:  cert.  2010046  v.  Oracle  SPARC  Enterprise  Server  M9000  (64  P/256  C/512  Th);  39.100  users,. SAP  ERP  6.0/SotarisTO.  Oracle  lOg;  cert  2008042]  www.sap.com/benchmark 
SAP  and  all  SAP  logos  are  trademarks  or  registered  trademarks  ot  SAP  AG  in  Germany  and  several  other  countries,  "PRICE:  based  op  publicly  ayall.  US.  info  On  2/10/2011  for  IBM  DB2.Advanced  Enterprise  Edition  +  Oracle 
software  w/comparable  capabilities.  No  SAP  SD  benchmark  results  are  used  for  any  price/performance  metrics.  IBM;  100  Processor  Value  Upiis. Oracle;  assumes  TO  processor  multiplier.  Both  incl.  Y1  maint/support.  IBM,  the 
IBM  logo,  ibm.com.  DB2,  Power  Systems,  Smarter  Planet  and  the  planet  icon  are  trademarks  of  International  Business  Machines  Corp,  registered  in  many  junsdict.ons  worldwide  Other  product  and  service  names  might  be 
trademarks  of  IBM  or  other  companies  A  current  list  of  IBM  trademarks  is  available  on  the  Web  at  www.ibm.com/legal/copytrade.shtml.  ©  International  Business  Machines  Corporation  2011. 


SPECIAL  FOCUS 


Inside  Cisco’s  global  security  operations 


Senior  security  analysts  meet  via  TelePresense  and  teleconference  to  discuss  current  threats  and 
plan  content  for  Cisco’s  weekly  Cyber  Risk  Report. 


BY  ANN  BEDNARZ 

AUSTIN  —  In  the  ongoing  battle  against 
enterprise  security  threats,  Cisco  has  amassed 
an  army  of  SOO  engineers,  researchers  and 
technicians  deployed  in  11  primary  locations 
worldwide,  whose  marching  orders  are  to 
analyze  threats  and  do  everything  possible  to 
mitigate  those  threats  as  quickly  as  possible. 

The  nuclei  of  Cisco’s  distributed  system  are 
its  Threat  Operations  Centers  (TOC),  one  of 
which  is  located  in  a  nondescript  office  build¬ 
ing  outside  of  Austin,  Texas,  which  Network 
World  recently  visited. 

The  amount  of  security-related  data  pour¬ 
ing  into  the  TOC  is  staggering.  “I  never  wake 
up  in  the  morning  and  think  I  don’t  have 
enough  access  to  data.  I  do  wake  up  frequently 
in  the  morning  and  think,  ‘What  are  we  going 
to  do  with  all  this  data?”’  says  Rush  Carskad- 
den,  a  product  line  manager  in  Cisco’s  secu¬ 
rity  technology  business  unit. 

The  task  that  drives  Carskadden  and  his 
colleagues  is  to  put  all  the  data  in  context.  Pro¬ 
viding  context  is  critical  to  discovering  and 
thwarting  enterprise  threats  that  are  becom¬ 
ing  increasingly  complex  and  multipronged. 
Blended  threats  aren’t  new,  but  they’re  grow¬ 
ing  in  prevalence  and  severity. 

“We’re  seeing  blended  threats  that  act  just 
as  intelligently  as  a  very  good  penetration 
tester  would  act,”  Carskadden  says.  Meaning, 
they’re  patient,  thoughtful  and  persistent. 
“The  real  surprise  is  the  degree  to  which  and 
the  sophistication  with  which  these  threats 
are  automated.” 

Tying  it  all  together 

Tying  together  threat  intelligence  is  essen¬ 
tially  the  mission  of  Cisco’s  Security  Intel¬ 
ligence  Operations  (SIO),  which  provides 
threat  information,  vulnerability  analysis 
and  mitigation  solutions  to  enterprise  cus¬ 
tomers.  SIO  is  the  command  center  for  Cisco’s 
security  services  and  appliances. 

Organizationally,  there  are  three  main  pil¬ 
lars  of  SIO.  This  first  is  SensorBase,  the  data 
repository. 

SensorBase  collects  raw  event  data  from 
more  than  700,000  sensors  built  into  Cisco 
network  security  devices  deployed  world¬ 
wide,  including  intrusion  prevention  sys¬ 
tems,  firewalls  and  Web  security  systems. 
SensorBase  on  average  processes  2  billion 
Web  requests  and  13  billion  emails  daily, 
resulting  in  several  terabytes  of  new  threat- 
related  data  every  day. 

Recently,  Cisco  equipped  its  AnyConnect 
VPN  client  to  participate,  which  opens  the 


door  to  millions  of  client  devices  that  could 
also  contribute  threat  intelligence  and  data 
back  into  the  SensorBase  database. 

“We  have  just  begun  to  digest  some  of  the 
information  that  we’re  getting  from  secure 
clients,”  Carskadden  says.  “It’s  amazing  how 
much  information  is  out  there.  It’s  not  all  that 
valuable  when  you’re  just  looking  at  data 
from  secure  clients,  but  when  you  compare  it 
with  everything  else,  you  see  all  kinds  of  pat¬ 
terns.  It’s  massive.” 

SensorBase  also  aggregates  data  from  600 
third-party  news  and  data  feeds,  such  as 
DNS  registry  information,  public  blacklists 
and  whitelists,  as  well  as  a  global  network 
of  spam  traps.  Cisco  also  partners  with  ISPs 
and  hosting  companies  to  gain  visibility  into 
domain  traffic. 

The  second  pillar  of  SIO  is  Cisco’s  TOC, 
where  the  overarching  goal  is  to  transform 
the  massive  SensorBase  threat  database  into 
something  useful.  Information  gets  pushed 
to  products  in  the  form  of  automated  rules 
and  signatures,  and  published  to  customers 
through  security  alerts,  product  advisories 
and  threat  mitigation  bulletins. 

Cisco  has  automated  algorithms  to  process 
SensorBase  data,  and  the  tools  generate  about 
95%  of  the  rules  updates  that  Cisco’s  security 
devices  use.  People  do  the  rest  —  researching 
threats,  publishing  alerts,  designing  mitiga¬ 
tion  solutions,  hand-tuning  new  rules  and 
packaging  rules  for  device  updates.  These 
people  are  the  heart  of  the  TOC. 

The  third  main  component  of  ISO,  dubbed 
Dynamic  Updates,  is  the  communications 


hub,  responsible  for  streaming  information 
and  updates  to  Cisco  devices  and  custom¬ 
ers.  Some  of  the  automatic  updates  for  Cisco 
products  occur  in  real  time:  Reputation  data 
used  by  Cisco  security  devices  to  block  traf¬ 
fic  from  known  malicious  senders  is  updated 
continuously,  for  instance.  Other  systems, 
such  as  Cisco’s  Intrusion  Prevention  System 
(IPS),  check  for  new  rules  roughly  every  five 
minutes. 

The  Dynamic  Updates  group  also  is  respon¬ 
sible  for  distributing  all  the  alert  notices,  vul¬ 
nerability  synopses  and  best-practices  publi¬ 
cations  that  the  analysts  and  engineers  in  the 
TOC  produce. 

Taken  together,  Dynamic  Updates  manages 
three-  to  five-minute  device  updates,  3,300 
IPS  signatures,  more  than  20  publications, 
more  than  200  tracking  parameters  and  8 
million  rules  per  day.  “The  purely  automated 
aspect  of  this  is  churning  along  at  a  rate  that 
we  could  not  possibly  reach  with  just  exper¬ 
tise  alone,”  Carskadden  says. 

Inside  Threat  Operations  Center 

Cisco  has  invested  more  than  $100  million  on 
research  and  development  within  TOC.  The 
specialties  of  the  myriad  research  teams  vary. 
Some  of  the  engineers  are  expert  in  reverse¬ 
engineering  malware.  Others  are  tasked  with 
infiltrating  botnets,  performing  penetration 
testing  and  helping  customers  protect  their 
networks  against  active  threats. 

The  Cisco  Applied  Security  Research  ( ASR) 
team,  for  instance,  looks  for  vulnerabilities 

>  See  Cisco,  page  12 
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Introducing 
server  room 


in  a  box 


APC  integrated  cooling  future-proofs  your 
IT  room  without  breaking  the  bank. 

Is  your  server  room  a  barrier  to  adopting  new  technologies? 


APC  rack- 
based  cooling 
draws  in  hot 
air  from  the 
rear,  at  its 
source,  and 
then  sends 
conditioned 
air  out  the 
front,  ready 
to  be  used 
by  adjoining 
racks. 


Consolidation,  virtualization,  network  convergence,  blade  servers— these  new  technologies 
improve  efficiency,  cut  costs,  and  allow  you  to  “do  more  with  less.”  But  they  also  bring 
high-density  power,  cooling,  and  management  challenges  that  server  rooms  were  never 
designed  to  handle.  You're  relying  on  guesswork,  depending  on  building  air  conditioning, 
or  improvising  remedies.  So  how  can  you  increase  the  level  of  reliability  and  control  in  your 
server  room  without  spending  a  fortune? 

Introducing  the  APC  by  Schneider  Electric™  total  server  room  solution 

Now  you  can  get  power,  cooling,  monitoring,  and  management  components  that  easily 
deploy  together  as  a  complete,  integrated  solution.  Everything  has  been  pre-engineered 
to  work  together  and  integrate  seamlessly  with  your  existing  equipment.  Just  slide  this 
proven,  plug-and-play  solution  into  most  existing  spaces— there’s  no  need  for  confusing 
cooling  configurations  or  expensive  mechanical  re-engineering.  The  modular,  “pay  as  you 
grow”  design  lets  you  be  1 00  percent  confident  that  your  server  room  will  keep  pace  with 
ever-changing  demands. 

Future-proof  your  server  room  easily,  cost-effectively 

APC  takes  the  hassle  out  of  configuring  server  rooms.  Self-contained  InRow™  cooling 
units,  high-density  NetSheiter™  enclosures,  and  the  APC  rack  air  containment  system 
combine  to  create  a  proper  IT  ecosystem  in  almost  any  surrounding.  Rack-level  monitoring 
sensors,  intelligent  controls  built  into  the  cooling  unit,  and  integrated  management  software 
provide  complete  remote  control  and  unprecedented  visibility  into  the  entire  system. 

Simply  add  power  protection  (like  undisputed  best-in-class  Smart-UPS™  or  Symmetra™ 
units)  and  you  have  a  total  solution  for  today,  tomorrow,  and  beyond. 


If  you  have  dedicated  IT  space . . . 

Getpre-validated, 
high-density  cooling 
as  a  single  offering. 

APC  InRow  SC  System  combines  an 
InRow  SC  precision  cooling  unit  (up  to  7  kW 
capacity),  NetSheiter  SX  rack  enclosure,  and 
rack  air  containment  system,  for  a  limited 
time,  at  a  specially  discounted  price’ 


If  you  don't. . . 


Introducing  the  NetSheiter  Office  CX:  portable 
server  cabinets,  with  extreme  noise  reduction, 
designed  for  office  environments. 


Learn  how  to  reduce  cooling  expenses 
with  our  FREE  cooling  efficiency  kit. 


Visit  www.apc.com/promo  Key  Code  g118v  •  Call  888-289-APCC  x6296  •  Fax  401-788-2797 


by  Schneider  Electric 


©201 1  Schneider  Electric.  All  Rights  Reserved.  Schneider  Electric,  APC,  InRow,  NetSheiter,  Smart-UPS,  and  Symmetra  are  trademarks  owned  by  Schneider  Electric  Industries  SAS  or  its  affiliated  companies, 
email:  esupport@apc.com  •  132  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA  •  998-2029 'Full  details  are  available  online. 


TREND  ANALYSIS 


Microsoft  accused  of  collecting  location  data 


BY  JOHN  COX 


MICROSOFT  SAID  this  week  it  is  investi¬ 
gating  a  lawsuit’s  allegation  that  the  camera 
application  on  Windows  Phone  7  handsets 
collects  location  data  from  nearby  Wi-Fi  and 
cellular  networks  —  even  if  the  user  refuses 
permission  to  do  so. 

But  the  company  repeated  its  assurance 
that  it  doesn’t  associate  a  unique  identifier 
with  the  location,  so  the  data  collected  by  the 
application  and  stored  on  Microsoft  servers 
“cannot  be  correlated  to  a  specific  device  or 
user.  Any  transmission  of  location  data  by  the 
Windows  Phone  camera  would  not  enable 
Microsoft  to  identify  an  individual  or  ‘track’ 
his  or  her  movements.” 

But  that  statement  still  leaves  questions 
unanswered,  and  Microsoft  has  given  no  sign 
as  to  when,  or  whether,  it  will  address  them. 

The  allegation  of  location  snooping  is  at  the 
center  of  a  proposed  class  action  lawsuit  filed 
last  week  in  federal  court  in  Seattle  on  behalf 
of  a  Michigan  woman,  Rebecca  Cousineau, 
and  “all  others  similarly  situated.”  The  legal 
firm  filing  the  suit,  Seattle-based  Tousley 
Brain  Stephens,  hired  a  security  researcher, 
Samy  Kamkar,  to  test  whether  the  applica¬ 
tion  was  collecting  the  data  and  sending  it 
to  a  location  database  on  a  Microsoft  server, 
according  to  CNET. 

The  lawsuit  charges,  according  to  the 


original  Reuters 
story  on  Aug.  31,  that  | 

Microsoft  “inten¬ 
tionally  designed 
camera  software  on 
the  Windows  Phone 
7  operating  system 
to  ignore  customer 
requests  that  they  not 
be  tracked.”  In  the  case 
of  the  Windows  Phone  camera,  the  location 
data  is  intended  to  be  associated  with  a  user’s 
photos. 

“The  Windows  Mobile  operating  sys¬ 
tem  is  clearly  sending  information  that  can 
lead  to  accurate  location  information  of  the 
mobile  device  regardless  of  whether  the  user 
allowed  it,”  Kamkar  wrote  in  his  analysis, 
which  is  part  of  the  lawsuit.  He’s  probably 
best  known,  according  to  a  Wikipedia  entry, 
for  creating  and  releasing  the  first  self-prop¬ 
agating  cross-site  scripting  worm,  dubbed 
the  Samy  worm,  into  MySpace,  causing  the 
website  to  crash.  He  pled  guilty  to  a  felony 
charge  of  computer  hacking,  and  recently  has 
been  focused  on  researching  computer  loca¬ 
tion  and  privacy  issues,  most  notably  with 
regard  to  Google’s  Android  mobile  operat¬ 
ing  system. 

According  to  news  accounts,  Kamkar’s 
lawsuit  analysis  concludes:  “When  hitting 
‘cancel’  to  prevent  your  location  information 


from  being  shared,  the  phone 
continues  to  intermittently 
transmit  information  from 
Wi-Fi  networks  and  cellular 
towers  to  a  host  owned  by 
Microsoft  Corporation  lead¬ 
ing  to  the  user’s  location.  The 
Windows  Mobile  operating  system  is 
clearly  sending  information  that  can  lead  to 
accurate  location  information  of  the  mobile 
device  regardless  of  whether  the  user  allowed 
the  Camera  application  to  share  location 
information  or  not.” 

The  suit  asks  the  court  to  order  Microsoft 
to  stop  gathering  location  data  after  users 
choose  not  to  allow  it,  and  seeks  damages. 

In  its  response  this  week,  sent  first  to  Inter¬ 
national  Business  Times  and  then  GeekWire, 
Microsoft  reiterates  its  position:  “Because  we 
do  not  store  unique  identifiers  with  any  data 
transmitted  to  our  location  service  database 
by  the  Windows  Phone  camera  or  any  other 
application,  the  data  captured  and  stored  on 
our  location  database  cannot  be  correlated  to 
a  specific  device  or  user.  ” 

Microsoft  did  not  say  when  its  investiga¬ 
tion  would  be  complete.  To  date,  Microsoft 
along  with  Apple,  Google  and  the  wireless 
carriers  have  given  only  general  outlines  of 
what  user  and  location  data  they  collect,  the 
reasons  for  doing  so,  and  how  and  when  the 
data  is  used.  ■ 


►  Cisco,  from  page  10 

in  key  technology  areas  and  provides  current 
threat  indications  and  analysis.  Vulnerability 
information  that’s  related  to  Cisco  products 
and  networks  gets  handled  by  Cisco’s  Product 
Security  Incident  Response  Team  (PSIRT), 
which  investigates  the  vulnerabilities  and 
does  the  associated  public  reporting. 

The  Cisco  IPS  Signature  Team  researches 
exploits  and  writes  vulnerability-  and  exploit- 
specific  signatures  that  are  used  by  IPS  prod¬ 
uct  lines.  It’s  challenging  work  that  requires 
coding  experience,  security  savvy  and  what’s 
dubbed  “field  knowledge”  —  which  can 
involve  fraternizing  with  the  hackers  who 
make  and  use  the  exploits. 

Network  World  sat  in  on  the  June  23  Cyber 
Risk  Report  meeting,  where  participants  dis¬ 
cussed  current  threats,  weighed  which  ones 
were  significant  and  considered  the  angle 
that’s  most  relevant  for  their  readership:  the 
network  and  security  professionals  who  have 


to  protect  their  environments  from  dangerous 
technologies,  intrepid  hackers  and  sometimes 
misguided  users. 

“As  much  as  we  can  do  with  technology,  a  lot 
of  it  boils  down  to  the  people  who  are  sitting 
there,  clicking  on  things,”  says  Jeff  Shipley, 
whose  experience  includes  20  years  spent 
with  the  U.S.  Army  in  security  and  intelli¬ 
gence,  special  operations  and  the  National 
Security  Agency.  “The  teams  throughout  the 
Threat  Operations  Center  focus  on  pushing 
intelligence  not  only  to  the  products  but  also 
to  the  customers  directly,  so  they’re  increasing 
their  awareness.” 

Information  sharing 

Committing  to  the  research  and  development 
that  SIO  requires  is  no  small  investment.  “It’s 
a  significant  research  burden  to  stay  on  top  of 
this,”  Carskadden  admits. 

The  payoff  is  clear  when  the  disparate 
technologies  and  resources  from  SIO  come 
together.  For  instance,  if  Cisco’s  IPS  gear 


takes  advantage  of  reputation-scoring  data 
from  Cisco’s  Web  security  technologies  and 
filters  from  Cisco  SIO,  the  effectiveness  of 
IPS  goes  up  significantly.  “We’ve  roughly 
doubled  the  efficacy  of  a  stand-alone  IPS,” 
Carskadden  says. 

Adding  greater  context  to  threat  analy¬ 
sis  also  pays  huge  dividends  on  the  timeli¬ 
ness  front.  In  one  instance,  SIO  detected  an 
emerging  threat,  based  on  security  event 
data  fed  to  SensorBase,  and  researchers 
were  able  to  glean  information  about  how  the 
threat  would  propagate,  based  on  a  charac¬ 
teristic  they  detected  in  its  random  number 
generator. 

“That  depth  of  intelligence  enabled  us,  in 
a  very  specific  example,  to  provide  an  update 
that  would  indicate  by  trajectory,  IP  block  by 
IP  block,  who  had  likely  already  been  infected. 
We  could  increase  the  risk  associated  with 
those  IP  blocks  dynamically,  as  it  propagated,” 
Carskadden  explains.  “That’s  literally  staying 
ahead  of  the  threat.”  ■ 
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TREND  INMYSSS 


IBM’s  futuristic  storage  aims  for  speed,  density 


BYSTEPHEN  LAWSON, 

IDG  NEWS  SERVICE 

IBM  IS  working  on  both  super-fast  and 
super-dense  storage  media  that  should  reach 
enterprises  before  the  end  of  this  decade,  and 
demand  in  some  industries  looks  likely  to 
keep  pace  with  the  advances. 

The  amount  of  data  that  enterprises  have 
to  deal  with  is  growing  so  fast  that  they  are 
coming  up  against  power  and  space  limits 
and  grappling  with  how  to  manage  the  infor¬ 
mation,  according  to  analysts,  users  and  IBM 
officials  at  a  press  event  that  the  company 
hosted  in  San  Francisco  on  Wednesday. 

IBM  highlighted  two  futuristic  technolo¬ 
gies  that  researchers  are  exploring  now  to 
address  separate  challenges:  how  to  make 
primary  data  available  faster  and  how  to 
pack  archived  information  into  a  smaller 
space.  For  the  former,  the  company  is  devel¬ 
oping  so-called  “racetrack”  storage,  in  which 
data  is  stored  in  different  magnetic  regions 
that  travel  over  short,  nano-scale  wires  when 
accessed.  It  may  come  on  sale  in  five  to  seven 
years,  according  to  Bruce  Hillsberg,  IBM’s 
director  of  storage  systems  research.  For  the 
latter,  researchers  are  using  an  unspecified 
magnetic  technology  that  could  store  a  peta¬ 
byte  of  data  in  a  standard  1U  rack  unit.  Expect 
that  in  three  years,  Hillsberg  said. 

Storage  Class  Memory:  IBM  thinks  “race¬ 
track”  technology  will  pave  the  way  for  Stor¬ 
age  Class  Memory,  which  will  be  nearly  as 
fast  as  today’s  memory  but  be  able  to  scale 
up  to  enterprise  storage  capacity.  It’s  so  dense 
that  it  could  allow  a  portable  music  player  to 
hold  500,000  songs. 

With  Storage  Class  Memory,  the  amount  of 
space  and  power  required  to  store  large  enter¬ 
prise  data  sets  could  shrink  dramatically  by 
2020.  What  would  take  1,250  racks  of  hard 
disk  drives  today  could  be  stored  in  one  rack, 
with  less  than  one-third  the  energy,  Hillsberg 
said.  The  medium  will  also  last  longer  than 
the  flash  SSDs  (solid-state  drives)  now  used 
for  fast  storage,  he  said. 

A  petabyte  in  a  rack  unit:  The  other  device 
IBM  is  working  on,  which  it  called  simply  the 
“petabyte  storage  device,”  would  be  designed 
to  store  data  for  as  long  as  50  years  without 
the  need  for  migration  to  another  medium, 
Hillsberg  said.  Moving  content  from  one 
device  to  a  newer  generation  of  hardware 
costs  money  and  time  and  can  introduce 
record-keeping  errors,  he  said. 

Without  giving  more  details  about  the 
device,  Hillsberg  said  it  would  have  some 
moving  parts  but  not  as  many  as  a  tape  library, 


the  typical  solution  for  long-term  archiving 
today.  He  envisions  it  being  used  not  as  a 
replacement  for  tape  but  in  conjunction  with 
it,  possibly  to  provide  access  to  archived  data 
over  a  cloud  infrastructure. 

Hollywood’s  storage  woes:  The  movie  indus¬ 
try  is  now  grappling  with  dramatically  larger 
data  sets  on  the  scale  that  the  petabyte  device  is 
designed  to  address,  according  to  Peter  Ward, 
a  digital  entertainment  consultant  and  former 
senior  vice  president  of  Sony  Pictures  Enter¬ 
tainment.  As  filmmakers  gradually  swap  reels 
of  film  for  SSDs,  a  day  of  shooting  can  generate 
hundreds  of  terabytes  of  data,  Ward  said.  The 
2011  Facebook  drama  “The  Social  Network”  is 
one  recent  film  that  was  shot  digitally,  he  said. 

That  data  has  to  be  stored  and  secured  on 
location  and  sent  each  day  to  post-produc¬ 
tion  facilities,  which  is  done  by  transferring 
it  to  tape  and  physically  shipping  it,  because 
networks  aren’t  fast  enough.  Ward  said.  The 
footage  and  associated  metadata  is  used 
throughout  the  editing  of  the  movie,  and  is 
then  compressed  into  formats  for  use  in  the¬ 
aters  and  homes.  But  studios  want  to  keep  all 


the  original  footage,  just  as  they  used  to  keep 
the  uncut  film,  to  use  years  later  for  sequels 
and  other  projects,  he  said.  A  3D  movie  may 
take  up  1  petabyte  of  capacity,  and  the  indus¬ 
try  is  still  working  on  how  to  handle  that. 

“There  isn’t  a  digital  archival  media  that 
meets  the  archivists’  standards,”  Ward  said. 

Healthcare  data  demand:  The  healthcare 
industry  is  facing  the  prospect  of  even  more 
data  than  the  entertainment  business,  accord¬ 
ing  to  Paul  Markham,  vice  president  of 
global  strategy  and  marketing  at  TeraMed- 
ica.  On  Thursday,  his  company  introduced 
a  medical  archiving  system  based  on  IBM 
hardware  and  software.  The  medical  records 
of  a  patient  in  the  U.S.  represent  on  average 
about  1  terabyte  of  data  today,  and  one  300- 
bed  hospital  may  generate  30  terabytes  of 
data  per  year,  Markham  said.  Those  figures 
will  only  grow  with  higher-resolution  medi¬ 
cal  imaging,  he  said. 

“It’s  such  a  tsunami  of  data,  they  just  don’t 
know  what  to  do  with  it,”  Markham  said.  He 
believes  the  future  technologies  IBM  envi¬ 
sions  will  be  necessary  to  keep  up.  S 


IBM,  3M  team  to  glue  together  high-powered 
silicon  bricks  for  servers,  smartphones 

IBM  and  3M  last  week  said  they  will  jointly  develop  a  new  line 
of  adhesives  they  hope  will  let  them  make  it  possible  to  build 
commercial  microprocessors  composed  of  layers  of  up  to  100 
separate  chips. 

Such  stacking  would  allow  for  higher-powered  servers  and 
more  advanced  consumer  electronics  applications,  the  compa¬ 
nies  stated.  Processors  could  be  tightly  packed  with  memory  and 
networking,  for  example,  into  a  “brick"  of  silicon  that  would  create 
a  computer  chip  1,000  times  faster  than  today’s  fastest  micropro¬ 
cessor  enabling  more  powerful  smartphones,  tablets,  computers  and  gaming  devices. 

The  companies  say  new  adhesives  are  needed  that  can  efficiently  conduct  heat 
through  a  densely  packed  stack  of  chips  and  away  from  heat-sensitive  components 
such  as  logic  circuits.  3M  and  IBM  plan  to  develop  adhesives  that  can  be  applied  to 
silicon  wafers,  coating  hundreds  or  even  thousands  of  chips  at  a  single  time. 

“Today’s  chips,  including  those  containing  ‘3D’  transistors,  are  in  fact  2D  chips  that 
are  still  very  flat  structures,"  Bernard  Meyerson,  vice  president  of  research  for  IBM, 
said  in  a  statement.  “Our  scientists  are  aiming  to  develop  materials  that  will  allow  us 
to  package  tremendous  amounts  of  computing  power  into  a  new  form  factor  —  a  sili¬ 
con  ‘skyscraper.’  We  believe  we  can  advance  the  state-of-art  in  packaging,  and  create 
a  new  class  of  semiconductors  that  offer  more  speed  and  capabilities  while  they  keep 
power  usage  low  —  key  requirements  for  many  manufacturers,  especially  for  makers 
of  tablets  and  smartphones.” 

Under  the  agreement,  IBM  will  focus  on  creating  unique  semiconductor  packaging 
processes,  and  3M  will  develop  and  manufacture  new  adhesives. 

—  Michael  Cooney 
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TREND  ANALYSIS 


HIPAA  will  bite  over  healthcare  privacy  blunders 


Top  10  healthcare  data  breaches 

These  are  the  10  data  breaches  that  affected  the  most  individuals  nationwide,  according 
to  the  U.S.  Health  and  Human  Services  Office  for  Civil  Rights,  which  has  been  enforcing 
HIPAA  regulations  since  July  2009. 

1.  Health  Net  Inc.,  Calif.  -  1.9  million  ©UNKNOWN 

2.  Eisenhower  Medical  Center,  Calif.  -  514,330  ©COMPUTER  THEFT 

3.  Spartanburg  Regional  Health,  S.C.  -  400,000  ©COMPUTER  THEFT 

4.  Accendo,  Ariz.  -  175,350  ©  UNAUTHORIZED  ACCESS/DISCLOSURE  OF  PAPER  RECORDS 

5.  Midstate  Medical  Center,  Conn.  -  93,500  ©LOSS  OF  HARD  DRIVES 

6.  Ohio  Health  Plans,  Ohio  -  78,042  ©LAPTOP  THEFT 

7.  MMM  Health  Care,  Puerto  Rico  -  29,143  ©COMPUTER  THEFT 

8.  PMC  Medical  Choice,  Puerto  Rico  -  22,568  ©COMPUTER  THEFT 

9.  Reid  Hospital  and  Health,  Ind.  -  22,001  ©LAPTOP  THEFT 

10.  Green  River  District  Health,  Ky.  -  18,871  ©  HACKING  OF  NETWORK  SERVER 


BYTIM  GREENE  AND  ELLEN  MESSMER 

HEALTHCARE  ORGANIZATIONS  that 
are  performing  risk  assessments  as  a  way  to 
craft  patient-privacy  policies  might  want  to 
consider  a  new  potential  attack  vector:  federal 
regulators. 

Later  this  year,  the  Department  of  Health 
and  Human  Services  is  expected  to  start 
auditing  up  to  150  health  providers  at  ran¬ 
dom  through  December  2012  in  an  effort  to 
find  medical  entities  that  fail  to  comply  with 
HIPAA  and  HITECH  regulations  about  how 
personal  data  must  be  handled  securely. 

While  the  audits  don’t  represent  attacks 
on  the  personally  identifiable  information 
(PII)  the  regulations  are  supposed  to  protect, 
they  do  expose  noncompliant  providers  to 
the  potential  for  heavy  fines  and  reputation¬ 
damaging  publicity. 

For  instance,  earlier  this  year  Massachu¬ 
setts  General  Hospital  paid  $1  million  to 
settle  a  patient-privacy  complaint  with  HHS 
due  to  an  employee  leaving  patient  records  in 
a  subway  car. 

That’s  a  big  switch  from  the  way  healthcare 
privacy  regulations  have  been  handled  since 
2003,  says  Abner  Weintraub,  president  of 
HIPAA  Group,  a  compliance  consultancy 
to  healthcare  organizations.  Until  this  year, 
HHS  had  received  about  50,000  complaints 
but  levied  no  fines,  preferring  to  take  reme¬ 
dial  actions  instead,  he  says. 

Levying  fines  now  has  an  upside  for  HHS, 
says  Kelly  Hagan,  a  healthcare  attorney  with 
law  firm  Schwabe,  Williamson  &  Wyatt  in 
Portland,  Ore.:  The  agency  gets  a  cut  of  what¬ 
ever  fines  are  levied.  That,  combined  with  the 
proactive  auditing,  marks  a  sea  change  for 
what  healthcare  CIOs  and  CISOs  face  when 
dealing  with  HIPAA.  “Suddenly  HIPAA  has 
teeth  and  is  willing  to  bite,”  Hagan  says. 

Despite  this,  instances  of  healthcare  data 
breaches  continue  to  flourish.  Last  year,  HHS 
received  207  reports  of  breaches  involving 
more  than  500  individuals,  according  to  a 
report  to  Congress  last  week.  And  there  are 
growing  incentives  for  criminals  to  focus  on 
health  record  theft,  Weintraub  says.  Patient 
data  can  be  sold  to  criminals  interested  in 
perpetrating  identity  theft,  he  says,  but  more 
lucrative  are  schemes  to  commit  medical 
identity  theft. 

That’s  when  stolen  patient  data  is  used  to 
obtain  medical  care  for  someone  else,  which 
not  only  bilks  insurers  but  also  taints  the 
medical  record  of  the  individual  whose  iden¬ 
tity  is  stolen  by  inserting  records  of  treat¬ 
ments  and  tests  the  victim  never  received. 


Medical  organizations  need  to  think  of 
themselves  not  as  repositories  of  neutral  data 
but  as  protectors  of  valuable  assets,  Weintraub 
says.  “Rather  than  a  library,  they  have  to  think 
of  themselves  as  running  a  bank,”  he  says,  and 
that  may  include  using  security  cameras  and 
guards  to  defend  certain  records. 

While  some  of  the  challenges  healthcare  IT 
executives  face  are  technical,  many  medical 
applications,  by  nature,  require  low  latency 
and  sharing  of  PII.  So  the  network  environ¬ 
ment  makes  it  somewhat  hard  to  apply  secu¬ 
rity  controls  such  as  firewalls,  which  can  slow 
things  down  and  create  performance  issues 
for  imaging  applications,  says  Jeff  Bills,  vice 
president  of  IT  at  Solutions  Healthcare  Man¬ 
agement,  a  consultancy  and  technology  pro¬ 
vider  headquartered  in  Indianapolis. 

But  many  of  the  security  issues  have  to  do 
with  people.  Data  breaches  may  be  the  fault 
of  staff  or  of  business  associates  working  on 
behalf  of  a  healthcare  provider,  says  Amit 
Trevedi,  healthcare  program  manager  at 
ICSA  Labs.  “Data  breaches  are  often  a  result 
of  breakdown  of  processes  and  controls,  or 
lack  of  them  altogether,”  he  says. 

In  talking  to  his  clients,  Bills  warns  about 
employees  as  a  risk.  “What  we  try  to  drill  into 
them  is  that  you  can  put  up  all  the  firewalls, 
anti-malware  and  intrusion  prevention  you 
want  for  the  outside  of  your  network,  but  you 
are  your  own  enemy  on  the  inside  of  your  net¬ 
work,”  he  says. 


While  it  falls  outside  the  traditional  pur¬ 
view  of  IT  executives,  training  of  staff  and 
creating  an  atmosphere  of  privacy  must  be 
addressed  to  meet  HIPAA  regulations.  Poli¬ 
cies  and  procedures  for  dealing  with  PII  are 
essential,  Weintraub  says. 

That  requires  the  help  of  healthcare  execu¬ 
tives  and  human  resources  departments,  says 
Susan  Patton,  a  healthcare  attorney  with  But- 
zel  Long  in  Detroit.  “There’s  a  limit  to  what  IT 
can  do  when  the  problems  are  really  caused 
by  human  mistake,”  she  says.  “It’s  hard  to  fix 
human  nature  with  IT.” 

She  advocates  creation  of  a  culture  of  con¬ 
fidentiality.  “Privacy  must  be  seared  into  that 
part  of  the  brain  used  for  dealing  with  the 
patient,”  she  says. 

Which  is  pretty  much  what  HIPAA  calls 
for,  Weintraub  says.  The  policies  and  pro¬ 
cedures  that  the  law  requires  healthcare 
organizations  to  write  must  also  be  taught  to 
employees  in  a  way  they  can  understand  and 
put  in  practice,  he  says. 

Meanwhile,  the  IT  staff  should  focus  on  gen¬ 
eral  security  best  practices  that  are  applied  in 
all  industries  rather  than  trying  to  craft  prac¬ 
tices  to  satisfy  HIPAA,  because  the  two  over¬ 
lap  greatly,  he  says.  “If  you’ve  done  everything 
you  should  be  doing  anyway  to  protect  your 
network  and  data,  you’re  going  to  be  largely 
compliant  with  HIPAA  from  the  get-go,”  he 
says.  “The  challenges  are  still  the  same  old  set 
of  vulnerabilities  and  ignorance.”  ■ 
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TOOLS 


Snagging  the  video 
we  paid  for 


friend  involved  in  a  business 

development  project  recently  asked 
me  whether  there  was  a  way  he  could 
save  a  tiny  part  of  a  long  webcast 
created  during  a  government  agency 
meeting  that  was  archived  on  a  third- 
party  website. 


■  n  w 


The  webcast,  provided  by  an  agency  using 
our  tax  dollars,  had  been  streamed  live  and 
for  free.  But  after  the  event  the  only  way  to 
view  it  was  via  a  private  company  that  pro¬ 
vides  playback  for  a  not  insignificant  price 
(exactly  how  you  justify  charging  for  and 
profiting  from  something  the  public  paid  for 
is  not  quite  clear  to  me). 

My  friend’s  problem  was  he  only  needed 
a  short  segment  of  the  webcast,  which  was 
many  hours  long.  Because  the  people  he 
needed  to  discuss  the  content  with  would, 
most  likely,  not  be  near  an  Internet  connec¬ 
tion  when  he  met  with  them,  he  needed  to 
save  the  segment.  So,  my  friend  purchased 
access  to  the  archived  content  and  thus  his 
question  about  how  to  make  a  copy. 

Now,  if  there’s  one  area  of  multimedia 
technology  that  has  achieved  a  level  of  mind- 
boggling  complexity  it  is  video,  and  when  a 
customized  player  is  in  use  you  have  to  delve 
into  the  code  on  the  page  to  find  where  the 
stream  comes  from  and  what  it’s  called.  Just 
to  make  things  even  more  difficult,  the  server 
name,  the  file  location  and  the  file  name  aren’t 
necessarily  in  a  single  location  in  the  code. 

Not  wanting  to  get  my  hands  dirty,  I 
advised  him  to  load  the  page  with  the  video 
playing  and  from  the  toolbar  select  “View  | 
Page  Source.” 

Now  we  had  to  identify  the  protocol  used 
to  transport  the  stream.  As  many  companies 
use  Adobe  products  for  this  kind  of  delivery 
it  was  worth  searching  for  “flash,”  which  he 
found  immediately,  and  right  next  to  that  he 
found  the  path  to  and  the  name  of  the  file. 

The  file  had  an  MP4  extension  which 
meant  it  was  a  multimedia  container  using 
an  MwPEG-4  Part  14  format.  MP4  is  a 


“wrapper”  that  Mark  Gibbs’  Gearhead 

encapsulates 

video  and  audio  streams  and  is  based  on 
Apple’s  QuickTime  format. 

Flash  uses  Real  Time  Messaging  Protocol 
(RTMP),  which  is  a  pretty  sophisticated 
TCP-based  streaming  protocol,  so  it  was 
a  good  bet  that  an  open  source  tool  called 
rtmpdump  might  do  the  job. 

I  got  my  friend  to  download  the  tool  (it  is 
in  a  .zip  file)  and  unpack  it  into  a  subdirec¬ 
tory.  Then  he  just  needed  to  open  a  com¬ 
mand  window,  move  to  the  subdirectory  the 
tool  was  in,  and  run  the  software  with  a  few 
command  line  options.  For  a  full  list  of  the 
options,  enter  “rtmpdump  -?” 

The  first  argument  my  friend  needed  was 
“-r”  followed  by  the  URL  of  the  file  (we  had 
to  sleuth  around  a  bit  more  to  find  the  server 
name).  Then,  to  specify  where  the  streamed 
data  should  be  saved,  came  “-o”  followed  by 
the  name  of  the  output  file.  My  friend  put  all 
this  together  and  the  result  looked  like  this: 


C:\rtmpdump>rtmpdump  -r  "rtmp:// 
someserver.com/somefile.mp4"  -o  saved. 
mp4 

RTMPDump  2.4  git-b627335  2011-7-23 
(c)  2010  Andrej  Stepanchuk,  Howard 
Chu,  The  Flvstreamer  Team;  license:  GPL 
Connecting ... 

INFO:  Connected... 

Starting  download  at:  0.000  kB 
INFO:  Metadata: 

INFO:  trackinfo: 

(lots  of  very  detailed  info) 

1331453.865  kB  /  42558.12  sec  (99.9%) 
Download  complete 
C:\rtmpdump> 

It  took  hours  —  in  fact  the  full  running 
time  of  the  webcast  —  but  eventually  my 
friend  had  a  full  copy.  All  he  had  left  to  do 
was  load  that  into  a  video  editor  and  clip  out 
the  segment  he  needed.  Next  time  we  do  it 
from  the  live  stream  it’ll  be  much  easier. 

Rtmpdump  is  actually  very  powerful 
and  can  do  much  more  than  just  what  my 
friend  needed;  it  gets  a  rating  of  4  out  of  S 
because  it  is  a  command  line  tool  and  the 
documentation  is  rather  terse  so  you  wind 
up  experimenting  a  lot.  A  great  tool  all 
the  same!  ■ 

Gibbs  advises  in  Ventura,  Calif.  Your  council 
to  gearhead@gibbs.com. 
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Data  Security  via 
Desktop  Virtualization 

By  centralizing  virtual  desktops  and  data,  companies  can  protect 
sensitive  information  while  giving  users  more  flexibility  and  choice. 


What  are  the  main  security  "pressure 
points"  corporate  and  government 
organizations  face  today? 

The  top  three  are  the  consumerization  of  IT, 
cloud  computing  and  a  wildly  evolved  threat 
landscape.  Consumers  today  are  bringing  their 
own  devices  into  the  workforce,  selecting  their 
own  applications  and  making  other  decisions 
that  IT  departments  used  to  make.  Consumer¬ 
ization  changes  fundamental  security  assump¬ 
tions  and  really  shakes  the  foundation  that 
IT  security  has  been  built  upon.  As  for  cloud 
computing,  the  fearmongers  who  state  that 
the  cloud  is  the  end  of  security  are  wrong.  The 
cloud  can  give  us  a  needed  restart  to  do  secu¬ 
rity  right— taking  into  account  how  people  are 
using  today’s  computing  technologies  while 
protecting  sensitive  data  and  privacy.  Finally, 
on  the  threat  landscape,  we’re  seeing  that  cur¬ 
rent  attempts  at  data  exfiltration  are  highly  suc¬ 
cessful.  The  old  security  model  that  protects 
primarily  against  malicious  access  attempts  is 
woefully  inadequate  to  mitigate  vulnerabilities 
once  access  has  been  granted. 

What  is  desktop  virtualization,  and  how 
can  it  increase  IT  security? 

With  desktop  virtualization,  you  can  take  a 
familiar  desktop  PC  or  laptop  environment, 
virtualize  all  its  applications  and  the  desktop 
interface  itself  and  run  everything  on  server- 
based  virtual  machines  in  the  data  center  or  in 
the  cloud.  Users  can  then  access  their  virtual¬ 
ized  desktops  with  various  client  devices, 
including  PCs,  tablets  and  smartphones.  Every 
user  can  be  strongly  authenticated  into  the 
virtualized  desktop  environment.  All  data  that 
goes  back  and  forth  between  the  client  devices 
and  any  virtualized  desktops  or  applications  is 
natively  encrypted.  Along  with  that,  every¬ 
thing— including  transactions  and  access— is 
completely  logged. 

One  of  the  primary  advantages  of  desktop 
virtualization  is  its  ability  to  keep  sensitive 
data  in  the  data  center.  Data  owners  can  ensure 
consistency,  backup,  disaster  recovery,  avail¬ 
ability  and  the  ability  to  make  endpoint  storage 


of  sensitive  data  irrelevant.  This  eliminates  a 
common  point  of  loss  and  the  need  for  breach 
notification  if  somebody  loses  their  device. 
Moreover,  offline  and  local  compute  usage 
models  are  available  that  enable  both  seamless 
access  to  public  data  and  strong  protection  of 
sensitive  data. 

How  can  the  deployment  of  desktop 
virtualization  simplify  and  enhance  the 
job  of  security  professionals? 

With  distributed  computing,  IT  had  no  idea 
of  what  sensitive  data  was  on  somebody’s  lap¬ 
top,  so  it  had  to  manage  every  laptop  as  if 
it  had  sensitive  data.  With  virtualization  in 
place,  security  measures  and  policies  ensure 
that  data  access  and  distribution  are  appro¬ 
priate  to  risk.  Security  managers  can  define 
policies  that  are  very  granular  to  make  sure 
everything  is  encrypted  and  continually 
monitored.  Data  leakage  protection  (DLP) 
and  other  advanced  security  measures  can  be 
enabled  for  a  particularly  sensitive  applica¬ 
tion  simply  through  integration  of  DIP  into 
the  data  center— without  the  need  to  install  a 
data  leakage  client  on  everybody’s  personal 
device.  By  centralizing  the  data,  the  desktops 
and  the  applications,  IT  can  focus  on  watching 
the  vault,  as  opposed  to  having  to  watch  for  all 
sensitive  resources  on  all  the  computers  that 
could  potentially  access  it. 

How  can  the  deployment  of  desktop 
virtualization  benefit  employees  and 
other  consumers  of  corporate  data  and 
applications? 

Desktop  virtualization  removes  the  need  for 
all  consumers  to  be  their  own  IT  manager  and 
their  own  security  officer.  By  automating  data 
protection  and  freeing  users  from  mundane 
and  time-consuming  data  management  re¬ 
sponsibilities,  desktop  virtualization  makes  for 
greater  productivity  and  happier  users.  It  gives 
them  more  freedom  of  choice  to  use  multiple 
devices  and  also  enables  “workshifting,”  the 
ability  to  work  anywhere,  from  any  device  and 
in  any  situation.  Securely. 


Free  your  workforce.  Control  what  matters. 


Work  anywhere.  On  any  device.  We  call  that  virtual  computing. 


And  it’s  driven  by  virtualization  technologies  that  give  you  both 
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computing  model.  Give  IT 


control  over  what 


truly  matters-delivering 


desktops,  applications 


and  data.  Securely. 


Say  yes  to  users  who  need 


to  work  whenever,  on  any  device  they  choose. 
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Two  tools  that  can  kill 
dead  spots 

Cool  Tools 


Keith  Shaw’s 


Amplifi 
PowerLine  AV 
500  4- Port 
Gigabit  Switch 

by  D-Link,  about  $200 


of  the  devices.  If  you  want  to  use  the  device  in 
a  small  office  setting,  you  could  connect  four 
computers  to  the  adapter  and  run  it  through 
the  powerline  network,  although  I  think  most 
people  will  use  this  for  home  entertainment 
data  devices. 

►  Some  caveats:  The  system  does  require 
purchasing  an  additional  powerline  adapter 
(the  $100  DHP-SOOAV)  that  needs  to 
connect  to  your  home  router  —  you  can 
purchase  that  separately  or  buy  the  $160 
DHP-501AV  PowerLine  AV500  Adapter 
Starter  Kit,  which  includes  two  adapters  (one 
for  the  router,  one  extra  one). 

►  Grade  ★★★★■*  (out  of  five). 


THE 

SCOOP 


►  What  it  is:  Like  other  powerline  net¬ 
working  equipment,  this  device  can  turn 
power  outlets  into  an  Ethernet  port,  using 
electrical  wiring  to  create  a  data  network. 
Unlike  other  powerline  adapters,  this  model 
(DHP-500)  includes  four  Gigabit  Ethernet 
ports  that  can  then  attach  to  the  powerline 
network  (other  adapters  basically  include 
one  Ethernet  port).  The  system  includes  QoS 
Traffic  Optimization  and  advanced  software 
for  prioritizing  high-bandwidth  traffic  for 
those  who  require  it. 

►  Why  it's  cool:  The  growth  of 
connected  devices  in  the  home 
with  Ethernet  connectivity  (TVs, 

Blu-ray  players,  game  consoles)  has 
led  to  a  situation  where  in  certain 
locations  (such  as  your  living  room), 
you  have  multiple  devices  in  the  same 
location  all  needing  Ethernet  connectiv¬ 
ity.  If  such  a  location  happens  to  be  in  an 
area  where  wireless  coverage  is  spotty  (dead 
spots,  or  for  devices  that  don’t  include  a  Wi-Fi 
adapter),  this  adapter  offers  a  solution.  In  my 
case,  I  could  attach  my  Internet-capable  TV, 
two  game  consoles  and  a  Roku  streaming 
media  player  to  the  DHP-500  and  get  Gigabit 
Ethernet  connectivity  (up  to  500Mbps)  for  all 


Linksys  RE1000 
Wireless-N 
Range 
Extender/ 
Bridge 

by  Cisco,  about  $90 

►  What  it  is:  This  device  will  extend  the 
range  of  your  802.11n  home  wireless  network 


or  provide  additional  wireless  strength  for 
dead  spots  within  the  home.  The  device  plugs 
into  any  power  outlet  in  your  home  within 
range  of  the  existing  network  —  after  it’s 
configured,  it  then  provides  additional  signal 
strength  and  range.  The  device  supports 
existing  wireless  security  standards,  so  if 
your  network  expands  its  range,  you  can  still 
secure  it  like  your  original  network. 

►  Why  it’s  cool:  In  my  case,  there’s  a  small 
area  in  my  living  room  where  there  seems  to 
be  a  wireless  dead  spot  —  whether  it’s  caused 
by  walls,  devices  or  furniture,  at  times  I  get 

a  weak  signal.  It  also  happens  to  be  in  the 
area  where  we  use  devices  like  the  iPad  or 
my  notebook,  which  require  a  good  wireless 
signal.  Plugging  in  the  REIOOO  about  half¬ 
way  between  this  dead  spot  and  the  router  (it 
sits  in  the  basement),  I  was  able  to  get  a  good 
wireless  signal  and  eliminate  this  dead  spot. 
The  device  can  also  act  as  a  wireless  bridge 
(there’s  an  Ethernet  port  at  the  bottom  of  the 
extender)  for  clients  that  don’t  have  Wi-Fi. 

►  Some  caveats:  After  the  initial  configura¬ 
tion,  some  of  my  client  devices  (iPad,  note¬ 
books,  etc.)  had  some  difficulties  connecting 
to  the  network,  but  these  problems  seemed  to 
go  away  after  a  few  days. 

►  Grade  ★★★★★ 


Shaw  can  be  reached  at 
kshaw@nww.com. 


The  Linksys  REIOOO  was  able 
to  extend  the  range  of  existing 
802.11n  home  wireless  networks. 
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CLEAR  CHOICE  TEST:  DATA  DEDUPLICATION 
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Eight  products  that  cut  stora 
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FalconStor 


BY  LOGAN  G.HARBAUGH 

Backing  up  servers  and  worksta¬ 
tions  to  tape  can  be  a  cumber¬ 
some  process,  and  restoring  data 
from  tape  even  more  so.  While 
backing  up  to  disk-based  stor¬ 
age  is  faster  and  easier,  and  probably  more 
reliable,  it  also  can  be  more  expensive. 

One  way  to  get  the  best  of  both  worlds  is  to 
back  up  to  disk-based  storage  that  uses  dedu¬ 
plication,  which  increases  efficiency  by  only 
storing  one  copy  of  a  thing. 

While  the  process  was  originally  used  at 
the  file  level,  many  products  now  work  at 
the  block  or  sub-block  (chunk)  level,  which 
means  that  even  files  that  are  mostly  the 
same  can  be  deduplicated,  saving  the  space 
consumed  by  the  parts  that  are  the  same. 

For  instance,  say  someone  opens  a  docu¬ 
ment  and  makes  a  few  changes,  then  sends 
the  new  version  to  a  dozen  people.  With  file- 
level  deduplication,  the  old  and  new  versions 
are  different  files,  though  only  one  copy  of 
the  new  version  is  stored.  With  block-level  or 
sub-block-level  deduplication,  only  the  first 
document  and  the  changes  between  the  first 
document  and  the  second  are  stored. 

There  is  some  debate  about  the  optimum 
process  —  deduplication  of  files  is  not  very 
efficient;  blocks,  more  so;  chunks  even  more 
so.  However,  the  smaller  the  chunks,  the  more 
processing  is  involved.  Some  systems  use 
variable  size  chunks  to  tune  this,  depending 
on  the  type  of  data  being  stored. 

The  good  news  is  that  deduplication  works 
well.  In  our  tests,  all  of  the  products  were  able 
to  create  a  second  copy  of  a  volume  and  use 
less  than  1%  additional  space,  and  to  back 
up  a  copy  of  the  test  volume  with  4,552  files 
changed  totaling  31.7GB  and  use  no  more 
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than  32GB  of  additional  space  —  in  some 
cases  a  good  deal  less  than  32GB. 

Deduplication  was  originally  used  only 
for  backups  —  since  backups  tend  to  be  run 
regularly  and  usually  contain  mostly  the 
same  data  as  the  last  backup,  very  high  effi¬ 
ciencies  can  be  obtained  with  deduplication. 
Now,  however,  deduplication  is  beginning  to 
be  seen  in  primary  storage  and  other  appli¬ 
cations  as  well,  such  as  the  deduplication  of 
snapshots  and  replication. 

There  are  two  main  types  of  deduplication, 
in-line  and  post-processing.  In-line  looks  at 
data  as  it  is  sent  to  the  storage  system,  and 
only  stores  a  file  if  it  is  not  already  on  the  sys¬ 
tem.  Post-processing  stores  the  file  immedi¬ 
ately  and  then  scans  all  the  data  on  the  sys¬ 
tem  at  regular  intervals  to  find  and  remove 
duplicate  chunks  of  data. 

In-line  requires  less  storage,  while  post-pro¬ 
cessing  requires  a  “landing  area”  where  data 
can  be  stored  until  it  is  deduplicated.  Since  it 
must  handle  high-speed  streams  of  data,  in¬ 
line  requires  considerably  more  processing 
power,  which  is  expensive,  while  storage  space 
is  relatively  cheap.  Post-processing  might  be 
scheduled  for  once  a  day,  following  the  end  of 
the  backup  window.  Since  the  deduplication 
storage  isn’t  typically  used  for  anything  other 
than  backups,  this  doesn’t  impact  users. 

Many  companies  no  longer  run  backups  of 
data  directly  —  if  a  database  is  in  use,  it  must 
be  locked  to  run  a  backup.  With  the  24/7  avail¬ 
ability  requirements  many  businesses  have, 
the  simpler  process  is  to  take  a  snapshot  of  the 
data  or  use  the  replication  capability  of  SAN 
storage,  then  run  a  backup  from  the  snapshot 
or  replica.  Some  vendors  have  added  dedupli¬ 
cation  to  the  snapshot  and  replication  func¬ 
tions  of  their  storage,  so  that  only  the  differ¬ 
ences  (deltas)  between  the  last  snapshot  and 
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NetApp 
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$25,000 

$62,000 

Easy  setup, 
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of  storage, 
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easy  to  setup 

No  major  flaws  Less-efficient 

deduplication 


the  current  one  are  stored.  This  makes  it  pos¬ 
sible  to  take  regular  snapshots  of  data  without 
increasing  the  space  required  very  much. 

The  snapshots  or  replication  are  added 
features  that  may  then  be  used  to  restore  files 
deleted  accidentally,  which  is  much  faster  than 
restoring  from  a  backup.  Some  organizations 
may  even  decide  to  use  snapshot  or  replication 
instead  of  backups.  The  difficulty  here  is  that 
SAN  storage  is  often  expensive,  and  snap¬ 
shots  of  replication  is  an  added  feature  with 
extra  licensing  costs.  Backup  appliances  with 
deduplication  can  be  a  less  expensive  way  of 
protecting  data. 

Finally,  vendors  are  beginning  to  bring 
deduplication  technology  to  primary  storage. 
This  is  a  more  complex  process  than  dedupli¬ 
cating  backups.  A  backup  is  written  once  and 
then  not  changed,  while  primary  storage  has 
many  users  making  changes  throughout  the 
day.  Keeping  track  of  files  in  use,  ensuring 
that  duplicate  files  aren’t  lost  if  the  “original” 
is  deleted,  and  redundancy  for  the  index¬ 
ing  system  so  that  a  loss  of  data  in  the  index 
doesn’t  lose  user  data  are  all  problems  that 
are  not  simple  to  solve. 

An  issue  with  deduplication  generally  is 
that  as  the  size  of  the  data  being  deduplicated 
grows,  the  amount  of  memory  necessary 
to  process  the  files  or  blocks  generally  also 
grows,  which  can  limit  the  overall  size  of  a 
system.  This  may  mean  that  it  is  simpler  to 
have  a  backup  appliance  for  every  few  serv¬ 
ers  rather  than  one  large  backup  appliance 
for  all  servers. 

It  also  can  be  difficult  to  estimate  the  actual 
capacity  of  a  deduplication  appliance.  If  the 
data  being  stored  is  mostly  the  same,  and  is 
also  compressible,  it  is  quite  possible  to  get 
20TB  to  100TB  of  data  into  a  system  with  four 
2TB  drives  (raw  capacity  of  6TB  with  RAID). 

On  the  other  hand,  if  the  data  being 
backed  up  is  usually  different  from  backup 
to  backup,  and  not  very  compressible  —  an 
extreme  example  would  be  video  files  (which 
are  already  compressed)  that  change  daily 
—  then  there  might  be  very  little  gain  from 
deduplication. 

We  tested  seven  systems:  five  backup 
appliances,  the  Barracuda  Backup  Service 
Model  690,  ExaGrid  Disk-based  Backup 
System  ExlOOOOE,  FalconStor  File-inter- 
face  Deduplication  System  Appliance  FS- 
FDSSA101R1A,  HP  StoreOnce  Backup  Sys¬ 
tem  D2D4324  and  Quantum  DXi4520  Disk 
Deduplication  Backup  Appliance;  and  two 
online  systems,  the  NetApp  FAS  2040  Sys¬ 
tem  and  the  Xiotech  File  Storage  Controller. 


We  also  used  a  Compellent  SAN  system  that 
uses  deduplication  for  replicas  and  snap¬ 
shots  as  part  of  our  test  bed.  Although  we 
didn’t  test  the  Compellent  system  in  the  same 
way  we  tested  the  others,  we  determined  that 
it  does  provide  effective  deduplication,  and 
we  included  our  findings  on  Compellent  in 
our  scorecard. 

Our  Clear  Choice  test  winner  is  HP,  which 
delivered  the  Cadillac  of  data  deduplication 
products  —  it  was  the  highest  priced,  but 
also  had  the  highest  capacity  and  fastest 
performance.  Other  strong  performers  were 
Compellent,  which  was  fast  and  efficient,  and 
ExaGrid,  which  delivered  high-performance 
clustering  and  enterprise-class  features. 

The  test  bed  consisted  of  a  Windows 
2008R2  server  connected  to  two  Fibre  Chan¬ 
nel  volumes  (actually  snapshots  of  the  same 
600GB  volume  about  four  months  apart),  run¬ 
ning  Symantec  Netbackup  7.0.  Each  appliance 
was  used  to  create  a  backup  of  the  first  volume, 
a  second  full  backup  of  the  first  volume  (which 
should  have  used  very  little  additional  space, 
since  all  the  files  were  the  same),  and  then  a 
full  backup  of  the  second  snapshot  of  the  vol¬ 
ume,  which  had  4,552  files  either  changed  or 
added,  totaling  about  32GB. 

The  test  results  were  encouraging:  All  of 
the  products  were  able  to  deduplicate  the 
volumes  and  produce  additional  backups 
that  used  very  little  additional  space.  The 
times  to  complete  the  deduplication  varied, 
and  were  generally  inversely  proportional 
to  cost.  Appliances  with  in-line  deduplica¬ 
tion  were  able  to  complete  the  backups  and 
deduplication  very  quickly. 

If  you’re  only  backing  up  a  few  servers  and 
are  more  concerned  with  costs  and  retaining 
multiple  copies  of  files  in  case  of  user  error, 
you  can  do  this  for  less  than  $15,000.  If  you 
need  to  back  up  large  numbers  of  servers  and 
need  high  levels  of  throughput  and  to  back  up 
systems  around  the  clock  where  long  post¬ 
processing  times  might  be  an  issue,  this  can  be 
done  for  prices  starting  at  around  $50,000. 

Another  piece  of  good  news:  The  setup  and 
operation  of  these  appliances  generally  was 
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very  simple.  All  were  connected  via  Ethernet 
as  either  an  iSCSI  or  CIFS  volume,  or  via  Fibre 
Channel.  All  supported  the  Netback  Open 
Storage  Technology  (OST)  protocol  for  accel¬ 
erated  backups. 

The  time  it  took  to  complete  a  backup  was 
measured  only  as  the  total  time  to  finish  a 
backup  and  then  deduplicate  it.  Since  dedu¬ 
plication  is  usually  scheduled  for  an  off-hours 
period,  this  sometimes  involved  waiting  until 
the  backup  completed,  then  manually  initiat¬ 
ing  deduplication. 

Time  to  complete  a  backup  by  itself  was  not 
considered  in  scoring,  since  all  the  systems 
tested  were  capable  of  saturating  a  single 
connection,  whether  Gigabit  Ethernet  or  4G 
Fibre  Channel,  which  means  that  backup  per¬ 
formance  was  limited  by  the  connection,  not 
the  appliance. 

The  two  online  storage  systems  from 
NetApp  and  Xiotech  take  different 
approaches.  NetApp  is  a  stand-alone  appli¬ 
ance  intended  to  be  used  as  a  NAS  system, 
while  the  Xiotech  appliance  is  a  front-end 
head  that  storage  can  be  attached  to.  Both 
can  present  a  Common  Internet  File  System 
(CIFS)  or  Network  File  System  (NFS)  share 
to  users.  CIFS  is  the  Windows  standard  for 
sharing  storage,  while  NFS  is  used  by  Unix 
systems.  Mac  OS  X  and  Linux  typically  can 
use  either.  Both  systems  were  able  to  find  and 
remove  duplicate  files,  reducing  the  storage 
required  to  hold  data  with  some  duplicates. 

The  efficiency  here  is  dependent  on  how 
many  duplicate  files  there  are.  If  you  have  100 
user  directories  that  all  have  different  files  in 
them,  you  won’t  see  much  reduction.  If  you 
store  100  virtual  disk  files  that  have  mostly 
the  same  data,  the  NetApp  will  greatly  reduce 
the  space  necessary  to  hold  them,  but  the  Xio¬ 
tech  won’t,  since  its  deduplication  is  at  the  file 
level,  and  each  of  the  virtual  disk  files  would 


have  a  different  name.  If  you  have  100  work 
directories  that  have  mostly  the  same  files  in 
them,  either  appliance  will  reduce  the  space 
in  use  substantially. 

In  the  case  of  these  two  appliances,  perfor¬ 
mance  data  is  difficult  to  characterize,  since 
both  store  data  and  deduplicate  afterward.  In 
a  production  environment,  either  should  be 
capable  of  deduplicating  in  the  background 
without  impacting  performance  to  end  users. 

Finally,  the  Compellent  system  was  used 
for  the  setup  of  the  test,  and  demonstrates  the 
efficiency  of  deduplication  of  snapshots  and 
replicas.  The  system  was  used  to  take  weekly 
snapshots  of  data  over  a  period  of  time,  and 
then  the  oldest  snapshot  was  mounted  as  a 
new  volume.  Despite  the  fact  that  both  vol¬ 
umes  were  just  under  600GB  each,  the  actual 
space  used  on  the  SAN  was  less  than  6S0GB 
for  all  the  snapshots,  since  only  changes  from 
the  previous  snapshot  were  stored. 

Here  are  the  individual  reviews: 

Barracuda  Backup  Service 

The  Barracuda  Backup  Service  (BBS)  Model 
690  is  a  1U,  four-bay  appliance  that  can  store 
up  to  4TB.  Other  models  range  from  250GB 
to  24TB.  The  appliance  is  unusual  in  that 
it  also  can  operate  as  a  cache  for  an  off-site 
backup  service. 

This  can  be  another  appliance  at  a  data  cen¬ 
ter  or  central  office,  or  the  Barracuda  cloud,  or 
a  combination.  Barracuda  suggests  that  the 
total  capacity  of  the  system  to  be  backed  up  be 
about  half  of  the  capacity  of  the  appliance. 

In  addition,  unlike  the  other  products  tested, 
the  BBS  includes  backup  software,  which 
works  on  any  recent  version  of  Windows 
Server  or  Workstation,  and  includes  open  file 
support  for  SQL  Server  and  Exchange,  as  well 
as  Windows  7,  Vista  and  XP.  The  BBS  can  also 
be  used  to  provide  a  backup  target  for  other 


backup  software,  including  the  Netbackup 
7.0  used  for  this  test. 

The  included  backup  software  works  well, 
and  would  be  sufficient  for  any  small  organi¬ 
zation  as  well  as  many  larger  ones.  It  includes 
flexible  policies,  sophisticated  scheduling 
capabilities,  good  reporting  tools  and  a  simple 
self-service  restoration  interface  that  end  users 
can  utilize  to  restore  files  for  themselves. 

Setting  up  the  appliance  is  very  straight¬ 
forward  —  the  two-page  quick  start  guide 
may  be  all  the  documentation  many  orga¬ 
nizations  would  need.  The  appliance  takes 
an  IP  address  through  DHCP  by  default,  so 
even  the  basic  network  setup  is  only  neces¬ 
sary  if  you  want  to  give  it  a  static  address.  The 
rest  of  the  configuration  involves  setting  up 
backup  targets  and  configuring  the  system  to 
connect  to  off-site  backup  systems,  either  to 
other  Barracuda  appliances  or  to  the  cloud. 
With  a  single  Gigabit  Ethernet  interface,  the 
BBS  690  cannot  offer  the  speed  some  of  the 
other  systems  have,  but  it  was  able  to  back  up 
the  test  data  set  relatively  quickly,  and  would 
be  fast  enough  for  the  maximum  suggested 
amount  of  data,  2TB. 

Data  sent  to  the  cloud  is  encrypted  and 
includes  only  changes,  so  traffic  over  the 
WAN  is  kept  to  the  minimum  necessary.  For 
true  enterprise-class  fault  tolerance,  data  can 
be  restored  directly  from  the  appliance,  from 
the  Barracuda  cloud,  or  for  complete  restores 
in  the  case  of  a  data  center  disaster,  the  data 
can  be  shipped  on  disk  to  a  new  location. 

The  system  includes  error  reporting  via 
email  as  well  as  good  reporting  tools  and 
a  good  Web  interface.  The  deduplication 
worked  as  expected,  with  little  additional 
space  used  by  a  second  full  backup  of  the  test 
data.  The  BBS  offers  in-line  deduplication, 
which  means  that  data  is  processed  as  it  is 
stored.  At  a  price  of  $9,999  plus  the  monthly 
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HP  wins  performance  test 

Barracuda  and  Quantum,  which  use  the  in-line  method,  were  able  to  back 
up  and  deduplicate  589GB  in  less  than  two  hours.  ExaGrid  and  FalconStor, 
which  perform  deduplication  after  backing  up  the  entire  file  to  a  landing 
spot,  took  closer  to  three  hours.  HP  did  it  all  in  less  than  half  an  hour. 


Backup  1 

Backup  and 
deduplicate  1  +  2 

1+2+3 

Barracuda 

1:48 

1:50 

1:51 

ExaGrid 

2:48 

2:51 

2:55 

FalconStor 

2:32 

2.38 

2:48 

HP 

0:26 

0:26 

0:27 

Quantum 

1:50 

1:55 

1:51 

fees  for  cloud  storage,  the  Barracuda  Backup 
Service  is  an  excellent  way  to  add  complete 
disaster  recovery  to  an  organization  with  a 
low  upfront  cost  and  all  the  functionality  one 
might  wish  for,  including  backup  software. 

ExaGrid  Disk-based  Backup  System 

The  ExaGrid  EXIOOOOE  boasts  raw  capac¬ 
ity  of  23TB,  and  usable  capacity  of  10TB.  As 
tested,  it  includes  six  1G  Ethernet  interfaces, 
and  is  available  with  10G  Ethernet  interfaces 
as  well.  Backups  complete  very  quickly  since 
the  unit  does  post-processing  —  the  dedupli¬ 
cation  is  done  after  the  backup  is  completed. 
The  backups  alone  completed  in  less  than  an 
hour,  then  post-processing  began  automati¬ 
cally.  This  is  why  the  system  has  a  raw  capac¬ 
ity  of  23TB  and  a  usable  capacity  of  10TB 
—  the  rest  is  used  to  hold  data  until  dedupli¬ 
cation  is  finished.  The  amount  used  for  the 
landing  zone  can  be  tuned  if  desired,  but  the 
default  is  about  half  for  each. 

The  supplied  documentation  included  spe¬ 
cialized  information  for  use  with  Netbackup. 
This  made  getting  Netbackup  working  with 
the  system  much  simpler.  Similar  guides  for 
other  backup  products  also  are  available. 

Initial  setup  is  very  simple,  and  adding 
units  to  an  existing  installation  is  easy  as 
well.  Multiple  systems  automatically  create  a 
cluster  that  is  highly  available  and  easily  scal¬ 
able.  Managing  the  system  is  straightforward, 
and  there  is  little  difference  in  complexity 
between  managing  a  single  backup  system 
and  managing  a  number  of  appliances  at 
several  locations.  Reporting  tools  are  excel¬ 
lent,  and  include  alerts  via  email. 

While  the  price  as  tested  of  $58,900  is  rela¬ 
tively  high,  the  performance,  scalability  and 
caliber  of  documentation  and  support  reflect 
the  enterprise  orientation  of  the  system.  For 
a  data  center  that  needs  to  support  multiple 
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backups  from  several  servers  at  once  during  a 
short  backup  window,  the  EXIOOOOE  should 
be  on  the  short  list  for  consideration.  A  basic 
model  is  available  starting  at  $14,900. 

FalconStor  File-interface 
Deduplication  System  Appliance 

The  FalconStor  File-interface  Deduplication 
System  Appliance  FS-FDSSA101R1A  is  an 
inexpensive  appliance  with  a  lot  of  expand¬ 
ability  and  a  good  feature  set  that  includes 
WAN  replication  to  other  appliances.  There  is 
also  an  option  for  a  virtual  appliance  running 
as  a  VM  on  VMware,  or  a  gateway  appliance 
that  uses  existing  storage  to  create  a  dedupli¬ 
cated  share  for  backups. 

The  unit  we  received  for  testing  supports 
six  drives  and  four  Gigabit  Ethernet  inter¬ 
faces.  Additional  shelves  of  drives  can  be 
added  to  expand  capacity  up  to  68TB,  and 
additional  Gigabit  or  10G  interfaces  can  be 
added  as  well.  The  FalconStor  File-interface 
Deduplication  System  (FDS)  includes  Repli¬ 
cation  and  an  OST  support.  It  can  replicate 
data  to  a  second  appliance  over  a  WAN  con¬ 
nection  using  both  encryption  and  dedupli¬ 
cation  to  minimize  WAN  traffic. 

The  system  offers  either  post-processing  or 
a  hybrid  that  starts  deduplication  30  seconds 
after  a  backup  starts,  reducing  the  amount 
of  landing  space  needed  to  store  data  before 
deduplication  starts.  Policies  can  be  set  to 
exclude  data  from  deduplication  by  data  type, 
age  of  file  or  location  of  data. 

Setup  of  the  system  is  straightforward,  and 
the  initial  Web-based  setup  includes  down¬ 
loading  the  administrative  console  software. 

At  a  cost  of  $10,900  as  tested,  the  Falcon¬ 
Stor  system  offers  a  lot  of  functionality  for 


the  price,  with  great  expandability  and  fault 
tolerance  through  replication  without  addi¬ 
tional  licensing  costs. 

HP  StoreOnce  Backup  System 

The  HP  StoreOnce  Backup  System  D2D4324 
is  the  most  expensive  in  the  test  by  a  large  mar¬ 
gin,  with  a  price  as  tested  of  $149,999,  but  it 
also  offers  the  highest  usable  capacity  at  18TB, 
and  the  fastest  performance  by  a  large  mar¬ 
gin,  with  times  to  complete  the  backup  four 
or  five  times  faster  than  the  others,  because 
of  the  8Gbps  Fibre  Channel  interface.  Time  to 
complete  post-processing  and  finish  dedupli¬ 
cation  was  also  extremely  fast.  Scalability  is 
also  excellent,  with  up  to  three  more  shelves 
supported  for  a  total  capacity  of  72TB. 

The  unit  supports  Fibre  Channel,  iSCSI 
and  network  shares  for  backup  targets,  mak¬ 
ing  it  a  very  flexible  system  that  can  support 
virtually  any  type  of  backup  software.  Like 
ExaGrid,  HP  includes  specialized  guides  to 
using  the  appliance  with  a  variety  of  backup 
software,  including  Netbackup.  This  makes 
the  initial  setup  much  simpler.  Configuration 
of  the  unit  was  very  straightforward,  and 
there  were  no  issues  with  getting  the  Fibre 
Channel  interface  working. 

The  D2D4324  is  available  with  a  replica¬ 
tion  license,  which  includes  replication  man¬ 
agement  software  to  simplify  the  process  of 
setting  up  local  or  remote  replication.  The 
system  can  support  many  to  one  replication, 
so  that  as  many  as  50  remote  units  can  con¬ 
solidate  backups  to  the  D2D4324.  Accord¬ 
ing  to  HP,  a  fully  configured  72TB  D2D4324 
can  support  up  to  20  simultaneous  streams, 
backing  up  a  total  of  4TB  per  hour. 

While  the  D2D4324  is  not  cheap,  it  offers 
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true  enterprise-class  performance  and  seal- 
ability,  with  great  ease  of  use.  With  the  capa¬ 
bility  of  backing  up  many  servers  simulta¬ 
neously,  it  is  capable  of  fitting  into  even  the 
largest  data  center  environments  and  provid¬ 
ing  data  security  for  dozens  of  servers. 

Quantum  Disk  Deduplication 
Backup  Appliance 

The  Quantum  DXi4520  appliance  is  a  2U 
appliance  with  eight  drives,  a  4.4TB  usable 
capacity  and  four  Gigabit  Ethernet  ports.  It 
includes  OST  support,  support  for  backing  up 
VMs,  replication,  network- attached  storage 
(NAS)  capability  and  advanced  reporting  tools 
that  offer  useful  diagnostic  and  monitoring 
capabilities.  The  reports  also  include  histori¬ 
cal  tracking  of  the  amount  of  space  consumed 
over  time  to  back  up  a  particular  share,  indi¬ 
cating  both  how  effective  deduplication  is  and 
how  much  data  is  being  changed  on  the  share. 

Replication  is  a  very  useful  capability  that 
allows  for  creating  another  copy  of  backed  up 
data  off-site.  Unlike  most  of  the  other  products, 
replication  capability  is  included,  though  you’d 
still  need  a  second  device  to  replicate  to. 

Port  bonding  is  straightforward  to  set  up, 
although  this  is  also  partly  dependent  on 
the  switch  the  appliance  is  connected  to.  For 
our  tests  we  used  only  a  single  Ethernet  port; 
since  the  server  being  backed  up  had  only  a 
single  connection,  using  more  wouldn’t  have 
improved  performance. 

At  $22,500  as  tested,  the  DXi4520  is  more 
expensive  than  the  Barracuda  or  FalconStor, 
but  includes  replication  capability,  four  Eth¬ 
ernet  ports,  full  NAS  functionality  and  excel¬ 
lent  reporting. 

NetApp  FAS  2040  System 

The  NetApp  FAS  2040  System  is  not 
intended  as  a  backup  target,  but  rather  as 
a  more  or  less  standard  NAS  system.  The 
features  offered  by  the  2040  reflect  a  sophis¬ 
ticated  SAN  system,  including  volume 
snapshots,  thin  provisioning,  replication, 
multiple  RAID  levels,  a  flexible  management 
console  and  deduplication.  The  system  is  a 
12-drive  3U  appliance  that  was  configured 
with  300GB  SAS  drives  for  our  application, 
providing  high-performance  storage. 

Deduplicating  primary  storage  is  dramati¬ 
cally  different  from  deduplicating  a  backup 
target.  Rather  than  data  that  typically  is 
written  once  and  never  again,  data  written  to 
primary  storage  may  be  added  to  regularly, 
changed  often  and  deleted  on  occasion.  The 
deduplication  software  must  be  able  cope 
with  continually  changing  data  without  affect¬ 
ing  the  availability  of  the  data  to  the  end  user. 
This  means  that  the  data  must  continue  to  be 


available  at  all  times. 

Setting  up  the  2040  was  straightforward, 
and  would  not  have  been  an  issue  even  with¬ 
out  the  support  engineer  who  came  out  to 
install  the  system.  Getting  it  set  up  was  a  mat¬ 
ter  of  less  than  half  an  hour  from  plugging 
cords  in  to  finishing  the  configuration. 

Testing  the  deduplication  function  of  the 
online  systems  was  different  from  with  the 
backups.  Rather  than  making  several  back¬ 
ups,  we  copied  two  volumes  to  the  appliance. 
The  first  volume  was  copied,  then  copied 
again  as  a  new  volume,  and  then  the  second 
volume  with  some  changed  data  was  copied 
as  another  new  volume.  The  NetApp  exhib¬ 
ited  very  good  efficiency  with  the  additional 
data  copied.  The  second  copy  with  the  same 
data  consumed  very  little  additional  space 
on  the  system,  and  the  third  copy  used  only  a 
little  more  space  than  the  changed  files. 

The  initial  589GB  volume  copied  to  system 
consumed  566GB  of  space  after  deduplica¬ 
tion.  Adding  the  changed  volume  with  32GB 
of  changed  data  increased  the  space  in  use  to 
only  604GB.  A  third  copy  with  the  same  data 
increased  the  space  in  use  to  only  605GB  total. 
This  means  that  three  volumes,  each  589GB, 
were  copied  to  the  system,  and  the  total  space 
in  use  was  only  605GB.  Granted,  this  degree 
of  similarity  between  volumes  represents  the 
extreme  rather  than  the  norm,  but  it  verifies 
that  deduplication  functions  as  expected. 

With  a  price  as  tested  of  $25,000  for  3.6TB 
of  raw  capacity,  the  2040  provides  an  excel¬ 
lent  feature  set  as  a  NAS  system,  great  perfor¬ 
mance  and  the  additional  efficiency  of  dedu¬ 
plication  without  extra  cost. 

Xiotech  File  Storage  Controller 

The  Xiotech  File  Storage  Controller  is  not  really 
a  storage  appliance.  It  is  a  1U  server  running 
a  tuned  version  of  Windows  Storage  Server, 
which  can  be  connected  to  as  much  storage 
as  you  like,  via  either  iSCSI  or  Fibre  Channel. 
For  this  test,  the  storage  was  a  9.6TB  Xiotech 
ISE  Storage  Blade  system  connected  via  Fibre 
Channel.  The  Storage  Controller  presents  the 
storage  via  iSCSI,  CIFS,  NFS,  FTP  or  HTTP. 

Deduplication  is  at  the  file  level,  rather 
than  sub-block  level,  like  all  the  other  devices 
tested.  This  means  that  two  files  that  share 
mostly  the  same  data,  say  a  600MB  raw  video 
file  and  an  edited  version  of  650MB,  would 
consume  1.25GB,  while  on  the  NetApp  sys¬ 
tem  it  would  use  about  655MB. 

One  advantage  to  the  storage  controller  is 
that  adding  blocks  of  storage  is  simple  and 
inexpensive,  since  the  controller  can  be  the 
front  end  for  up  to  256  Storage  Blades.  It  can 
be  used  with  both  ISE  and  Block  Storage  Con¬ 
trollers  from  Xiotech.  When  Block  Storage 


Controller  is  used,  thin  provisioning  can  be 
invoked. 

The  Xiotech  system  offers  three  times  the 
capacity  of  the  NetApp  system  for  a  little  more 
than  twice  the  price.  It  offers  snapshots  and 
other  SAN  features,  and  good  performance, 
though  with  somewhat  less  efficiency  than 
the  NetApp  system. 

When  the  three  volumes  were  copied  to 
the  Xiotech,  the  first  589GB  volume  occupied 
581GB  on  the  Xiotech  system  after  deduplica¬ 
tion.  When  the  second  volume  was  copied  to 
the  Xiotech,  space  in  use  increased  to  965GB, 
and  when  the  third  volume  was  copied, 
space  in  use  increased  to  971GB,  compared  to 
566GB,  604GB  and  605GB  with  the  NetApp. 
So  the  NetApp  costs  more  per  gigabyte  ini¬ 
tially,  but  makes  better  use  of  the  space  it  has. 
How  this  would  work  out  with  real-world 
data  would  greatly  depend  on  the  types  of 
data  and  how  many  similar  or  identical  files 
were  stored  multiple  times. 

At  a  cost  of  $62,000  for  9.6TB,  the  Xio¬ 
tech  File  Storage  Controller  and  ISE  Storage 
Blades  offer  a  simple,  easy-to-expand  system 
that  provides  a  good  set  of  SAN  storage  fea¬ 
tures  as  well  as  the  increased  efficiency  of 
file-level  deduplication,  at  a  lower  cost  per 
gigabyte  than  the  NetApp  with  block-level. 

Compellent  (Dell)  Storage  Center 

The  Compellent  Storage  Center  was  not  really 
tested  as  part  of  this  review,  but  it  is  instruc¬ 
tive  in  another  way  that  deduplication  can  be 
used  in  a  SAN  system.  The  two  volumes  used 
to  test  the  systems  were  stored  on  a  Compel¬ 
lent  SAN.  The  two  volumes  represented  snap¬ 
shots  of  a  production  volume  taken  automati¬ 
cally  by  the  system  about  four  months  apart, 
during  which  time  some  4,552  files,  occupy¬ 
ing  31.7GB  of  space,  were  changed  or  added 
to  the  volume.  The  two  snapshots  actually 
stored  only  changes  to  the  data  on  the  system 
—  the  total  space  used  by  both  snapshots  was 
not  589GB  each,  but  only  about  32GB,  repre¬ 
senting  the  changes  made  to  the  volume. 

The  Compellent  system  also  deduplicates 
between  volumes  —  it  would  be  possible  to 
create  50  snapshots  of  a  100GB  boot  volume, 
mount  each  snapshot  as  a  separate  volume 
and  have  50  boot  volumes,  while  still  using 
only  a  little  more  than  100GB  for  all  50  vol¬ 
umes,  at  least  until  the  volumes  had  files 
added  to  them  individually.  For  virtualiza¬ 
tion  environments  or  boot  from  SAN  systems, 
this  offers  a  huge  improvement  in  efficiency 
over  individual  volumes  in  each  server.  H 

Harbaugh  is  a  freelance  writer  living  in 
California.  He  can  be  reached  at  logan@ 
lharba.com. 
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Missing  data  is  a  problem.  Unless  you  work  with  CenturyLink.  A  secure,  scalable 
cloud  solution  means  that  no  matter  what  happens  to  your  data,  you've  always  got 
a  backup  plan.  So  even  if  your  data  is  damaged,  your  business  will  never  miss  a 
beat.  The  solution  to  this  problem  is  your  password  at  ultimateproblemsolver.com. 
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►  9/11,  from  page  1 

and  how  you  deploy  it,”  says  Roger  Hixson, 
technical  issues  director  for  the  National 
Emergency  Number  Association  (NENA). 
“The  deployment  approach  affects  the  econom¬ 
ics  of  it  and  the  funds  required  to  do  it.” 

NG  9-1-1  is  geared  to  be  one  of  the  hottest 
issues  in  the  telecom  industry  in  the  months 
ahead. 

In  August,  FCC  Chairman  Julius  Genach- 
owski  announced  a  five-step  action  plan  for 
transitioning  the  nation  to  NG  9-1-1  services. 
Steps  include  completing  the  standards 
required  to  accept  photos,  video  and  text 
along  with  voice  information,  creating  a  gov¬ 
ernance  framework  because  no  single  gov¬ 
ernment  entity  has  jurisdiction  over  9-1-1  ser¬ 
vices,  and  developing  funding  models  for  the 
necessary  hardware  and  software  upgrades. 

“The  world  of  information  and  communi¬ 
cations  technology  is  completely  different . 

. .  from  9/11,”  Genachowski  told  an  audience 
of  first  responders.  “The  unfortunate  truth  is 
that  the  capability  of  our  emergency  response 
communications  has  not  kept  pace  with  com¬ 
mercial  innovation  —  has  not  kept  pace  with 
what  ordinary  people  now  do  every  day  with 
communications  devices.” 

The  FCC’s  NG  9-1-1  effort  coincides  with 
other  government  efforts  aimed  at  boosting 
national  emergency  response  systems.  The 
Obama  administration  wants  to  invest  $10 
billion  in  a  nationwide  interoperable  broad¬ 
band  network  for  first  responders,  and  vari¬ 
ous  proposals  for  funding  this  public  safety 
network  are  floating  around  Capitol  Hill. 

“I  expect  NG  9-1-1  to  be  absolutely  at  the 
forefront  of  debate  over  the  next  six  months,” 
says  Trey  Forgety,  NENA’s  government  affairs 
director.  “There  is  legislation  pending  on  the 
Hill.  This  issue  has  gotten  a  lot  of  traction.” 

Under  development  since  2004,  NG 
9-1-1  standards  are  mostly  complete.  NENA 
issued  an  architecture  document  in  June  that 
outlines  the  networks,  components  and  inter¬ 
faces  that  will  allow  9-1-1  services  to  run  on 
private,  IP-based  networks. 

“We  built  the  architecture  on  the  basis  of  a 
future  vision  of  the  telecom  process,  assum¬ 
ing  the  carriers  will  eventually  go  to  IP  sys¬ 
tems  and  interfaces  for  9-1-1  services,”  Hix¬ 
son  says.  “The  call  routing  and  data  handling 
within  the  architecture  can  be  implemented 
today,  but  with  transitional  aspects  to  allow 
it  to  work  with  the  older  technology.” 

States  that  are  leading  the  way  toward  NG 
9-1-1  deployment  include  Vermont,  which  has 
deployed  an  all-IP  architecture,  and  Indiana, 
which  is  using  IP  for  wireless  calls.  In  April, 
Cincinnati  Bell  announced  availability  of  its 
NG  9-1-1  services,  while  Tennessee,  Texas 
and  Kentucky  are  in  various  stages  of  design, 


9-1-1  at  a  Glance 


Launched  43  years  ago,  the  nation’s 
9-1-1  emergency  response  system: 
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signals  for  other  callers. 


SOURCE:  NENA,  FCC.  NATIONAL  GEOGRAPHIC 


procurement  and  installation. 

“There  needs  to  be  coordination  on  a  nation¬ 
wide  level  regarding  rollout  of  NG  9-1-1,”  says 
John  Chiaramonte,  lead  associate  with  con¬ 
sultancy  Booz  Allen  Hamilton. 

How  much  NG  9-1-1  systems  will  cost 
depends  on  how  they  are  administered.  State¬ 
wide  systems  tend  to  be  less  expensive  and 
easier  to  upgrade.  In  southern  Illinois,  16  coun¬ 
ties  banded  together  to  upgrade  to  NG  9-1-1  in  a 
more  cost-effective  manner. 

Nobody  has  even  a  ballpark  estimate  for 
how  much  it  will  cost  the  nation  to  migrate 
to  NG  9-1-1  services.  Most  of  the  money  for 
operating  9-1-1  call  centers  comes  from  fees 
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that  are  added  to  resi¬ 
dential  and  corporate 
wireline  and  wireless 
phone  bills.  However, 
some  states  misappropriate  9-1-1  funds  and 
spend  the  money  on  other  expenditures  —  a 
practice  that  NENA  is  hoping  will  be  out¬ 
lawed  by  new  federal  legislation. 

“Every  funding  option  should  be  on  the 
table,”  Forgety  says.  “We  need  to  find  the 
way  that  works  best  for  the  country.  Some 
proposals  include  9-1-1  service  rolls  into  the 
Universal  Service  Fund,  a  new  federal  tax, 
or  all  sorts  of  novel  proposals  such  as  every 
broadband  connection  would  be  subject  to 
a  9-1-1  fee  because  it  will  now  be  possible  to 
make  9-1-1  calls  from  a  laptop.” 

Another  hurdle  is  the  regulatory  framework, 
given  that  federal  agencies  are  pushing  for  the 
new  technology  while  local  agencies  must  buy 
it.  The  FCC  is  expected  to  issue  a  proposed 
rulemaking  in  September  that  describes  the 
regulatory  framework  for  NG  9-1-1. 

Upgrading  to  new  technology  also  creates 
issues  for  9-1-1  operators,  dispatchers  and 
managers.  And  there’s  a  huge  need  for  public 
outreach  to  explain  the  new  services. 

“We’ve  done  a  great  job  educating  the  public 
on  9-1-1.  If  you  have  an  emergency,  you  know 
to  call  9-1-1,”  Chiaramonte  says.  “But  as  we 
start  rolling  out  new  features,  the  public  needs 
to  be  aware  of  the  proper  use  of  these  services. 
Just  because  in  Black  Hawk  County,  Iowa,  you 
can  send  text  messages  to  9-1-1  doesn’t  mean 
that’s  going  to  work  elsewhere.” 

With  proper  planning,  funding  doesn’t  have 
to  be  a  stumbling  block  for  NG  9-14  deploy¬ 
ments.  Vermont  upgraded  from  an  ISDN- 
based  system  to  a  TCP-IP  based  system  in 
2007,  and  it  paid  for  part  of  that  upgrade  with 
efficiencies  gained  by  closing  two  call  centers. 

“The  biggest  thing  that’s  holding  up  next- 
gen  911  is  the  mistaken  belief  that  it’s  going 
to  cost  so  much  money  that  it’s  impossible  to 
move,”  says  Jim  Lipinski,  Enhanced  9-1-1  IT 
manager  for  Vermont,  adding  that  the  cost 
of  NG  9-1-1  won’t  be  prohibitive  if  states  plan 
ahead  and  upgrade  gradually. 

Experts  say  it  could  take  another  five  to  10 
years  for  80%  of  the  nation’s  9-1-1  call  centers 
to  be  as  advanced  as  Vermont’s. 

“The  9-1-1  system  is  43  years  old.  The  tech¬ 
nology  is  largely  unchanged.  We  did  bolt  on 
wireless  9-1-1  and  VoIP ...  to  the  existing  tech¬ 
nology.  But  newer  technologies  have  emerged, 
and  the  9-1-1  system  is  struggling  to  adapt  and 
embrace  these  communications  [other  than] 
voice,”  Chiaramonte  says.  “There’s  no  line  in 
the  sand  for  when  we  need  to  upgrade,  except 
to  say  that  many  [call  centers]  are  dealing 
with  very  old  technology.  It’s  because  of  great 
care  and  feeding  that  these  systems  have  been 
able  to  continue  working  so  well.”  ■ 
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BY  ANN  BEDNARZ 

IN  THE  aftermath  of  the  terrorist  attacks  on 
Sept.  11, 2001,  Dave  Rudzinsky’s  first  thoughts 
and  concerns  were  for  the  people  affected  by 
the  tragedies.  As  someone  who  plays  a  critical 
role  in  his  own  employer’s  disaster  readiness, 
he  also  found  himself  trying  to  comprehend 
the  corporate  devastation. 

“I  started  thinking,  what  about  all  those 
businesses?”  recalls  Rudzinsky,  CIO  at 
Hologic,  a  $1.7  billion  medical  device  company 
in  Bedford,  Mass. 

Many  companies  had  refined  their  IT  disas¬ 
ter  recovery  programs  prior  to  9/11,  but  the 
attacks  exposed  a  lack  of  attention  to  continu¬ 
ity  of  business  operations,  says  Roberta  Witty, 
research  vice  president  at  Gartner. 

“What  happens  when  you  lose  your  work¬ 
force?  What  if  you  don’t  have  a  building  to  go 
to  anymore?  How  do  you  get  in  touch  with 
your  employees?  How  do  you  shift  work 
from  one  location  to  another?”  Witty  says. 
“Companies  realized  that  all  they  had  was 
an  IT  disaster  recovery  program.  They  had 
to  focus  on  the  business  side  of  house,  to  a 
great  extent.” 

The  9/11  attacks  showed  the  world  that  the 
worst  possible  scenario  can  actually  happen, 
says  Bill  Swislow,  CIO  and  senior  vice  presi¬ 
dent  at  Cars.com  in  Chicago.  “We  understood 
what  that  kind  of  event  could  do,  that  it  could 
shut  down  the  downtown  of  a  city  for  days.” 

Since  9/11,  Cars.com  has  focused  more 
attention  on  disaster  recovery  and  continuity 
of  operations.  It  now  has  access  to  a  remote 
office  site  in  the  event  that  its  downtown 
Chicago  headquarters  is  inaccessible,  for 
instance.  “We’ve  thought  much  more  about 
loss  of  physical  access,  and  we  have  a  plan  that 
tries  to  address  the  situation  if  there’s  no  cen¬ 
tral  office  for  people  to  go  to,”  Swislow  says. 

Among  the  changes  Hologic  made  fol¬ 
lowing  9/11  was  to  move  key  applications 
including  its  ERP  systems  to  a  hosted  data 
center  facility.  The  data  center  provider  has 
more  expertise  implementing  state-of-the- 
art  disaster  recovery  plans  and  technologies, 
Rudzinsky  says.  “We’re  in  the  medical  device 
business,  not  the  data  center  business.” 

Hologic  also  has  enabled  more  of  its  work¬ 
force  to  telework  in  the  event  of  an  emergency. 
“We  certainly  need  manufacturing  and  opera¬ 
tions  people  to  get  to  the  factories,  but  a  lot  of 
the  other  business  functions  are  enabled  now 
to  work  from  just  about  anywhere,”  he  says. 

Before  9/11,  Hologic’s  disaster  recovery 
preparations  were  about  satisfying  corporate 
auditors.  Now  it’s  a  more  strategic  priority. 


not  only  for  IT  but  also  for  the  company’s 
top  executives. 

“As  a  small  startup,  we  were  more  risk  tol¬ 
erant.  As  we’ve  become  a  larger,  public  com¬ 
pany,  we’re  a  lot  less  risk 
tolerant,”  Rudzinsky  says. 

“On  our  IT  agenda  and  our 
business  agenda  every  year, 

IT  risk  and  security  keeps 
climbing.” 

Rethinking  IT  priorities 

The  attacks  wound  up  giv¬ 
ing  some  IT  teams  the  sup¬ 
port  they  needed  to  put 
longtime  plans  into  action. 

For  Brandeis  University, 
that  meant  going  ahead  with 
plans  to  build  a  redundant 
data  center. 

“We  talked  about  it,  we 
planned  for  it,  but  it  never 
really  got  beyond  the  plan¬ 
ning  stages.  It’s  something 
that  really  got  pushed  to 
the  back  burner,”  says  John 
Turner,  director  of  networks 
and  systems  at  Brandeis  in 
Waltham,  Mass.  “I  think 
that  9/11  had  a  direct  impact 
on  the  overall  funding  deci¬ 
sion  to  go  ahead  and  build 
out  a  second  data  center.” 

New  and  expanded  legis¬ 
lation  passed  post-9/11  also 
impacted  Brandeis.  As  part 
of  the  Patriot  Act,  colleges  and  universities 
hosting  international  students  are  required  to 
use  the  Student  Exchange  and  Visitors  Infor¬ 
mation  System  (SEVIS),  a  digitized  system 
for  tracking  information  regarding  exchange 
visitors,  international  students  and  scholars. 

Homeland  security  efforts  also  expanded 
the  impact  of  the  1994  Communications  Assis¬ 
tance  for  Law  Enforcement  Act  (CALEA),  or 
digital  wiretap  law;  colleges  and  universities 
that  essentially  act  as  ISPs  to  the  student  pop¬ 
ulations  can  be  required  to  allow  surveillance 
access  to  their  networks. 

IT  teams  at  Brandeis  have  had  to  equip  the 
school’s  ERP  systems  to  collect  and  monitor 
SEVIS  data,  for  instance,  and  security  groups 
have  been  trained  to  respond  to  court-ordered 
wiretaps  and  data  preservation  requests.  “The 
Patriot  Act  had  a  big  impact  on  what  we  do 
and  how  we  operate,”  Turner  says. 

The  mass  shooting  on  the  campus  of  Vir¬ 
ginia  Tech  also  had  a  big  impact  on  Brandeis; 
the  2007  tragedy  forced  the  entire  education 


industry  to  reconsider  and  strengthen  their 
ability  to  communicate  with  students,  faculty 
and  staff  in  the  event  of  an  emergency. 

Private  industry,  too,  is  paying  greater  atten¬ 
tion  to  emergency  commu¬ 
nications,  Witty  says,  with 
hosted  offerings  enabling 
businesses  to  share  essen¬ 
tial  information  before, 
during  and  after  a  crisis. 
“They’re  using  it  to  com¬ 
municate  the  company’s 
recovery  operations  and  to 
inform  the  workforce,  cus¬ 
tomers  and  partners  about 
the  impact  of  an  emergency 
and  how  the  company  is 
responding,”  Witty  says. 

In  Washington,  D.C.,  one 
of  the  most  tangible  tech¬ 
nology  deployments  com¬ 
pleted  in  the  wake  of  9/11 
is  the  city’s  municipal  fiber 
network,  called  DC-Net. 

“From  the  moment 
I  walked  in  the  door  in 
January  of  2003,  it  was  all 
about,  ‘Let’s  make  sure  we 
have  city  wide  services  and 
those  citywide  services 
must  be  able  to  sustain 
various  levels  of  disaster,”’ 
recalls  Rob  Mancini,  who 
today  is  CTO  in  the  District 
of  Columbia’s  Office  of  the 
Chief  Technology  Officer 
(OCTO).  “The  existence  of  the  basic  infrastruc¬ 
ture,  the  city-owned  government  network  on 
high-speed  fiber,  is  the  beginning  of  getting 
our  arms  around  a  9/11-type  of  issue.” 

DC-Net  provides  voice,  data,  video  and 
wireless  services  for  347  District  government 
sites  including  120  schools,  35  recreation  cen¬ 
ters  and  20  libraries.  DC-Net  also  supports 
the  District’s  911  call  center  and  its  police,  fire, 
emergency  medical  and  emergency  manage¬ 
ment  services.  For  the  public,  DC-Net  pro¬ 
vides  backhaul  for  more  than  250  free  wire¬ 
less  hotspots  throughout  the  city. 

Those  wireless  hotspots  proved  important 
when  a  5.8  magnitude  earthquake  occurred  in 
Virginia  last  month  and  cellphone  networks 
were  jammed  by  a  flood  of  calls. 

“When  the  earthquake  hit,  we  had  a  few 
thousand  people  jumping  on  [the  Wi-Fi  net¬ 
work  on  the  National  Mall]  to  let  their  families 
know  they  were  OK.  We  didn’t  have  that  10 
years  ago,  and  we  continue  to  build  on  that,” 
Mancini  says.  ■ 


When  the 
earthquake 
hit,  we  had  a  few 
thousand  people 
jumping  on  [the 
Wi-Fi  network  on 
the  National  Mall] 
tolettheirfamilies 
know  they  were  OK. 


ROB  MANCINI,  CTO,  DISTRICT 
OF  COLUMBIA 
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Hooked  on  Google 


SOMEWHAT  TO  my  surprise  I’ve  become 
a  very  committed  user  of  a  huge  number  of 
Google  products  as  have,  I  suspect,  many  of 
you .  While  some  of  these  products  are  what  we  might  call  “safe”  to  rely 
on,  there’s  a  whole  other  set  that  we’re  handcuffed  to  and  when  they’re 
not  available ...  well,  that  can  be  a  really  big  problem. 

For  example,  Google  applications  such  as  Picasa  are  “safe.”  Sure, 
they  might  crash  or  have  a  bug,  but  it’s  unlikely  your  life  will  come  to  a 
grinding  halt  should  one  of  them  go  “thud”  for  some  reason. 

I  must  digress  for  a  moment  and  note  that  if  you  use  SketchUp  in  any 
serious  way  you  have  to  get  IMSI’s  Renditioner,  a  SketchUp  add-on 
that  takes  SketchUp  models  and  provides  photorealistic  rendering  (the 
VW  bus  example  in  the  gallery  is  outstanding).  I’ve  just  started  play-, 
er,  testing  this  tool  and  it  is  incredible. 

But  the  more  critical  Google  products  that  have  snagged  many  of  us 
are  the  company’s  online  services.  These  are  the  tools  we’re  addicted  to. 
We’re  like  junkies  who  can’t  function  without  our  services  “fix.” 

For  example,  I  still  route  most  email  via  my  gibbs.com  domain,  but 
my  email  client  for  99.9%  of  my  messaging  is  Google’s  Gmail  (I  still  use 
Outlook  for  a  couple  of  accounts  where  Microsoft  Office  integration  is 
useful).  And  then  there’s  Google  Calendar  and  Google  Voice  —  I  can’t 
live  without  either  of  them. 

About  a  week  ago  I  sat  down  to  do  some  work.  I  checked  Gmail  and 
answered  some  messages  then  went  to  add  an  event  to  my  calendar ... 
and  nothing.  It  just  timed  out.  And  so  did  iGoogle!  And  so  did  Google 
itself!  And  this  happened  whether  I  was  using  an  OS  X  machine  or  a 
Windows  box. 


My  first  thought  was  that  it  must  have  been  my  problem.  If  I  could  get 
to  Gmail  then  surely  all  of  those  other  services  should  be  accessible. 

Was  it  something  wrong  with  my  DSL  modem?  I  cycled  the  power  on 
it  but  that  made  no  difference.  OK,  then  let’s  power  cycle  all  the  hard 
ware:  DSL  modem,  firewall,  switches,  routers,  PCs,  coffee  pot,  toaster 
...  nope,  no  change. 

After  over  two  hours  of  going  around  and  around  in  circles  and 
doing  everything  I  could  think  of  other  than  praying  to  St.  Jude  (the 
patron  saint  of  desperate  cases  and  lost  causes),  suddenly  everything 
was  fine!  I  hadn’t  done  anything,  it  just  all  straightened  itself  out  and 
every  Google  service  was  visible  and  working  just  fine. 

I  have  no  idea  what  the  problem  was  but  I  suspect  some  ISP  between 
me  and  Google  had  serous  problems  because  Google’s  Apps  dash¬ 
board  didn’t  show  there  had  been  anything  wrong.  What  it  made 
me  think  about  was  that  our  reliance  on  Google’s  services  —  and,  by 
extension,  the  growing  raft  of  cloud  services  —  is  huge  and  potentially 
dangerous. 

What  happens  if  Google  ever  has  a  serious  network  infrastructure 
problem?  What  happens  if  one  or  more  of  the  Google  services  develops 
a  serious  bug?  What  happens  if  there’s  a  weak  link  between  you  and 
the  Google  cloud?  What  happens  if  the  problem  lasts  a  day?  A  week? 

I’m  worried  that  we  are  becoming  too  reliant  on  Google  and  that,  one 
of  these  days,  we  could  find  ourselves  cut  loose  from  our  fix  for  just  a 
little  too  long.  What  then?  What  will  you  do?  What  are  you  doing  now 
to  make  sure  that  doesn’t  happen  to  you?  ■ 

Gibbs  is  connected  in  Ventura,  Calif.  Link  up  to  backspin@gibbs.com. 
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Shady  search  casts  iCIoud  over  Apple 


YES,  THE  story  of  Apple’s  police-aided, 
ham-handed  hunt  for  a  second  lost  iPhone 
prototype  has  received  a  fair  amount  of 
attention.  However,  the  Keystone  Kops-like  caper  deserves  a  lot  more, 
and  probably  would  have  gotten  it  right  off  the  bat  were  it  not  for  two 
facts:  The  story  reached  critical  mass  over  the  Labor  Day  weekend  and 
more  than  a  few  journalists  were  at  first  convinced  that  it  had  to  be  a 
hoax  or  a  marketing  stunt,  because,  well,  how  in  the  name  of  Woz  could 
this  have  happened  twice ...  to  Apple? ...  It  did. 

Here’s  the  background,  as  publicly  understood:  The  device  goes 
missing  in  late  July  from  a  San  Francisco  watering  hole;  Apple  traces  it 
via  GPS  (presumably  after  freaking  out)  to  a  home  in  the  same  city;  six 
suits,  at  least  one  of  whom  reportedly  identifies  himself  as  a  police  offi¬ 
cer,  arrive  on  the  homeowner’s  doorstep  and  ask  to  search  the  place;  the 
homeowner,  reasonably  assuming  that  he’s  looking  at  a  half-dozen  cops 
—  not  the  four  flatfoots  plus  two  Apple  security  agents  actually  there  — 
admits  to  having  been  at  the  saloon  (ding,  ding,  ding)  denies  having  the 
phone,  and  acquiesces  to  the  search;  two  of  the  suits  —  reportedly  the 
Apple  two  —  enter  the  home  and  find  nary  an  iPhone  5  prototype. 

Fast-forward  a  month:  CNET  publishes  an  exclusive  outlining  the 
lost-and-not-found  tale;  police  spokespeople  insist  they  have  no  record 
of  any  such  search  or  even  a  missing-phone  report  from  Apple;  media 
skeptics  heckle  CNET.  Then  a  San  Francisco  reporter  finds  the  hom¬ 
eowner,  who  confirms  the  gist  of  the  CNET  story. 

Questions  abound:  Did  the  Apple  operatives  illegally  represent 
themselves  as  police  officers?  Did  the  cops  help  the  homeowner  reach 
that  erroneous  conclusion?  Did  the  gang  of  six  coerce  the  homeowner 


into  opening  up  his  abode,  as  he  has  suggested?  If  there  was  incrimi¬ 
nating  evidence,  why  didn’t  the  police  get  a  warrant?  Why  was  there 
no  police  report,  or  at  least  none  revealed? 

And,  last  —  if  certainly  least  —  what  happened  to  the  phone? 

The  San  Francisco  police  now  say  they  have  begun  an  internal  inves¬ 
tigation  of  their  officers,  and,  one  would  assume,  the  Apple  duo. 

Apple  has  said  less  about  the  whole  thing  than  it  has  about  the 
iPhone  5,  but  it’s  only  a  matter  of  time  before  a  reporter  corners  the 
company’s  new  CEO  Tim  Cook  and  asks,  essentially: 

“Hey,  Tim,  is  this  how  you  want  your  guys  to  roll?” 

iCIoud  name  opens  up  for  Apple 

Meanwhile ...  Remember  that  Arizona  VoIP  services  provider  called 
iCIoud  Communications  that  sued  Apple  last  summer  over  the  latter’s 
plan  to  offer  an  online  storage  service  that  also  called  iCIoud? 

Well,  it  seems  as  though  iCIoud  Communications  is  dropping 
that  lawsuit  and  is  undergoing  a  name  change  to  Clear  Digital 
Communications. 

Why?  Neither  party  to  the  lawsuit  has  commented  publicly,  so  let’s 
fill  the  void  with  speculation: 

Perhaps  the  Arizona  guys  decided  to  let  bygones  be  bygones. 

Maybe  they  realized  that  they  didn’t  have  a  case,  even  though  it  sure 
looked  like  they  did  to  this  layman. 

Or  maybe  —  just  maybe  —  Apple  swung  open  the  checkbook  and 
made  them  an  offer  they  couldn’t  refuse.  ■ 

You  can  tell  me  otherwise  at  buzz@nww.com. 
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M  MOTOROLA 


Ht  .  % 

’m  not  turning 

IN  MY  PHONE. 

You  can't  control  your  employees.  You  can  control  their 
phones. That's  why  Motorola  Android™  Smartphones 
are  armed  with  remote  wipe,  passcode  protection,  data 
encryption  and  the  most  secure  connectivity  standards. 
Contact  Motorola  today  for  mobility  solutions  that  keep 
your  company  safe  and  IT  in  control. 

LIFE.  M  POWERED. 


MOTOROLA.COM/SECURITY  (800)  617-2403 


MOTOROLA  and  the  Stylized  M  Logo  are  registered  trademarks  of  Motorola  Trademark  Holdings,  LLC.  Android,  Google,  and  the  Google  Logo  are  trade 
of  Google,  Inc.  All  other  product  and  service  names  are  the  property  of  their  respective  owners.  2011  Motorola  Mobility,  Inc.  All 

features,  services  and  applications  are  network  dependent  and  may  not  be  available  in  all  areas;  additional  terms,  conditions  and/or  charges  may  apply. 
Contact  your  service  provider  for  details.  All  features,  functionality  and  othe  bject  to  change  without  notice  or  ol 
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Say  hello  to  your  entire  server  room. 

Imagine  if  you  could  consolidate  servers,  storage  and  networking  I/O  into  one  simple  package.  Just  think 
what  would  happen  to  your  IT  operating  costs.  That’s  exactly  what  many  midsize  businesses  are  doing. 
They’re  converging  their  IT  infrastructure  on  IBM  BladeCenter  S  and  HS22  servers  featuring  Intel®  Xeon® 
processors.  Through  virtualization,  they’re  reducing  servers  by  up  to  85%  and  cutting  energy  and  facilities 
costs  by  up  to  96%,  all  while  actually  improving  performance.2  They’re  enjoying  superior  availability  with 
features  like  redundant  power  and  I/O.  And  they’re  deploying  the  integrated  SAN  capability  for  up  to  $4,900 
less  than  competitive  offerings.3 


Take  10  minutes  to  see  for  yourself. 

Learn  how  you  could  achieve  up  to  a  3-month  ROI  on  your  migration  with 
our  System  Consolidation  Evaluation  Tool  at  ibm.com/systems/consolidate. 
To  connect  with  the  right  IBM  Business  Partner,  call  877-IBM-ACCESS. 


'60  month  FMV  lease  from  IBM  Global  Financing,  “best  credit"  business  customer,  Prices  are  current  as  ot  5/20/11;  subject  to  change  without  notice; 
based  on  manufacturer's  suggested  retail  price;  dealer  prices  may  vary.  Financing  provided  through  IBM  Credit  LLC  in  the  United  States  and  other  IBM 
subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers.  Minimum  transaction  size:  $5,000;  rates  based  on 
creditworthiness,  terms,  offering  and  equipment  type  and  options,  and  may  vary  by  country.  Other  restrictions  may  apply.  Rates  and  offerings  are  subject 
to  change,  extension  or  withdrawal  without  notice.  Please  contact  your  IBM  Authorized  Business  Partner  or  IBM  representative  for  more  information. 
'Sources  for  the  claims  can  be  found  at  www.ibm.com/systems/consolidate.  3$4,900  cost  savings  vs.  Hewlett-Packard  blade  enclosure  and  servers  was 
calculated  using  public  sources  as  of  May  2011.  Items  compared  were  IBM  BladeCenter  S  chassis  with  SAN  and  six  IBM  HS22  servers  vs.  Hewlett- 
Packard's  c3000  blade  enclosure  with  SAN  and  six  BL  460  G7  servers.  IBM,  the  IBM  logo,  ibm.com  and  BladeCenter  are  trademarks  of  International 
Business  Machines  Corp,  registered  in  many  jurisdictions  worldwide.  A  current  list  of  IBM  trademarks  is  available  on  the  Web  at  www.ibm.com/legal/ 
copytradeshtml.  Intel,  the  Intel  logo,  Xeon  and  Xeon  Inside  are  trademarks  or  registered  trademarks  of  Intel  Corporation  in  the  United  States  and  other 
countries.  All  other  products  may  be  trademarks  or  registered  trademarks  of  their  respective  companies.  ©  International  Business  Machines  Corporation 
2011.  All  rights  reserved. 
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